bump libnDPI to a944514ddec73f79704f55aab1423e39f4ce7a03

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

812 files changed, 7104 insertions, 4318 deletions

diff --git a/test/results/1kxun.pcap.out b/test/results/1kxun.pcap.out
index 682cf32d1..40a0c8c9e 100644
--- a/test/results/1kxun.pcap.out
+++ b/test/results/1kxun.pcap.out
@@ -190,7 +190,9 @@
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379954937,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379954937,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUgpAAIAG5u3AqHMIarkjbsHGAFDBDvahiK55D1AQAQRxcwAA"}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379955007,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379955007,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUgpAAIAG5u3AqHMIarkjbsHGAFDBDvahiK55D1AQAQRxcwAA"}
 01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104379956802,"flow_dst_last_pkt_time":1470104379954670,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379956802,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}}}
-02143{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":441,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104380141237,"flow_dst_last_pkt_time":1470104380142241,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":714,"flow_dst_tot_l4_payload_len":20160,"midstream":0,"thread_ts_usec":1470104380142241,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":14506.6,"max":146838,"stddev":33179.1,"var":1100853504.0,"ent":2.6,"data": [56,37783,37994,70,1795,58,38952,109751,153,146838,45,329,66,113,56,463,29,236,62,115,388,44,244,36267,36544,26,410,130,482,92,113]},"pktlen": {"min":40,"avg":693.6,"max":1300,"stddev":612.0,"var":374554.6,"ent":4.3,"data": [52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1],"entropies": [4.540471077,4.540471077,4.955154896,4.784183979,4.784183979,5.758289814,5.758289814,4.303872585,5.568258762,4.972586632,4.784183979,4.784183979,4.816908836,5.305360317,5.245053291,5.141684532,4.684184074,4.684184074,5.953328609,5.139973164,5.197480202,4.784183979,4.784183979,5.838756561,5.133826733,4.734184265,4.734184265,4.452571869,4.709616661,4.691545486,5.564413548,5.160192013]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
+01215{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379941736,"flow_dst_last_pkt_time":1470104379989294,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":336,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":1260,"midstream":0,"thread_ts_usec":1470104379989294,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":200,"content_type":"application\/json","user_agent":""}}}
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":418,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104379956860,"flow_dst_last_pkt_time":1470104380103373,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":714,"flow_dst_tot_l4_payload_len":1260,"midstream":0,"thread_ts_usec":1470104380103373,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"jp.kankan.1kxun.mobi","http": {"url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":200,"content_type":"text\/xml","user_agent":""}}}
+02273{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":441,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104380141237,"flow_dst_last_pkt_time":1470104380142241,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":714,"flow_dst_tot_l4_payload_len":20160,"midstream":0,"thread_ts_usec":1470104380142241,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":14506.6,"max":146838,"stddev":33179.1,"var":1100853504.0,"ent":2.6,"data": [56,37783,37994,70,1795,58,38952,109751,153,146838,45,329,66,113,56,463,29,236,62,115,388,44,244,36267,36544,26,410,130,482,92,113]},"pktlen": {"min":40,"avg":693.6,"max":1300,"stddev":612.0,"var":374554.6,"ent":4.3,"data": [52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1],"entropies": [4.540471077,4.540471077,4.955154896,4.784183979,4.784183979,5.758289814,5.758289814,4.303872585,5.568258762,4.972586632,4.784183979,4.784183979,4.816908836,5.305360317,5.245053291,5.141684532,4.684184074,4.684184074,5.953328609,5.139973164,5.197480202,4.784183979,4.784183979,5.838756561,5.133826733,4.734184265,4.734184265,4.452571869,4.709616661,4.691545486,5.564413548,5.160192013]},"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104380188079,"flow_src_last_pkt_time":1470104380188079,"flow_dst_last_pkt_time":1470104380188079,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104380188079,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1470104380188079,"flow_dst_last_pkt_time":1470104380188079,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380188079,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1470104380188122,"flow_dst_last_pkt_time":1470104380188079,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104380188122,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"}
@@ -255,6 +257,7 @@
 01473{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104381978984,"flow_dst_last_pkt_time":1470104381968167,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104381978984,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.145","http": {"url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}}}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382036037,"flow_dst_last_pkt_time":1470104381935187,"flow_idle_time":200000000,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104382036037,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0UAAAERi6vAqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382038651,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1470104382038651,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUUAAAERlcPAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
+01602{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104381979038,"flow_dst_last_pkt_time":1470104382051994,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1470104382051994,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.145","http": {"url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":302,"content_type":"","user_agent":""}}}
 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382053678,"flow_dst_last_pkt_time":1470104382053678,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382053678,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1470104382053678,"flow_dst_last_pkt_time":1470104382053678,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104382053678,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1470104382053709,"flow_dst_last_pkt_time":1470104382053678,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104382053709,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"}
@@ -263,7 +266,7 @@
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1470104382123077,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104382123077,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjRAAIAGjNfAqHMIt4MwkMHNAFBSJ8A8K2Hi01AQ\/\/CxaAAA"}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1470104382123103,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104382123103,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjRAAIAGjNfAqHMIt4MwkMHNAFBSJ8A8K2Hi01AQ\/\/CxaAAA"}
 01544{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382125031,"flow_dst_last_pkt_time":1470104382122949,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382125031,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"183.131.48.144","http": {"url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}}}
-01571{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382125065,"flow_dst_last_pkt_time":1470104382192288,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":281,"midstream":0,"thread_ts_usec":1470104382192288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"183.131.48.144","http": {"url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}}}
+01686{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382125065,"flow_dst_last_pkt_time":1470104382192288,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":281,"midstream":0,"thread_ts_usec":1470104382192288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"183.131.48.144","http": {"url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}}}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382241911,"flow_src_last_pkt_time":1470104382241911,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382241911,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1470104382241911,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104382241911,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0YAAAERfELAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104382241911,"flow_src_last_pkt_time":1470104382241911,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104382241911,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
@@ -292,7 +295,7 @@
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1470104384085549,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104384085549,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEMAAAER2QfAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1470104384085672,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_usec":1470104384085672,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAshosLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAt0="}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1470104384289461,"flow_dst_last_pkt_time":1470104381217586,"flow_idle_time":200000000,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104384289461,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFAAAAER7zTAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-02281{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":622,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104384990940,"flow_dst_last_pkt_time":1470104384790982,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":9497,"midstream":0,"thread_ts_usec":1470104384990940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":183050.5,"max":862765,"stddev":252834.9,"var":63925489664.0,"ent":3.6,"data": [31,69271,69368,26,1928,34,67940,1399,6083,291,73959,37,665858,862765,47,408647,411020,37,251400,251827,47,336785,335976,58,329935,190,130781,55,599505,799208,58]},"pktlen": {"min":40,"avg":369.3,"max":1064,"stddev":452.5,"var":204736.5,"ent":3.9,"data": [52,52,46,40,40,543,543,46,321,1064,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,1064,40,40,1064,40,40]},"bins": {"c_to_s": [18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0],"entropies": [4.463547707,4.463547707,4.611080170,4.784183979,4.784183979,5.504161358,5.504161358,4.457919598,5.616157532,3.396698952,2.285910130,4.834183693,4.834183693,2.224251509,4.834183693,4.834183693,2.277304173,4.834183693,4.834183693,2.234616041,4.834183693,4.834183693,2.318356037,4.834183693,4.834183693,2.277927399,2.247195482,4.834183693,4.834183693,2.248827934,4.834183693,4.834183693]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
+02396{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":622,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104384990940,"flow_dst_last_pkt_time":1470104384790982,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":9497,"midstream":0,"thread_ts_usec":1470104384990940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":183050.5,"max":862765,"stddev":252834.9,"var":63925489664.0,"ent":3.6,"data": [31,69271,69368,26,1928,34,67940,1399,6083,291,73959,37,665858,862765,47,408647,411020,37,251400,251827,47,336785,335976,58,329935,190,130781,55,599505,799208,58]},"pktlen": {"min":40,"avg":369.3,"max":1064,"stddev":452.5,"var":204736.5,"ent":3.9,"data": [52,52,46,40,40,543,543,46,321,1064,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,1064,40,40,1064,40,40]},"bins": {"c_to_s": [18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0],"entropies": [4.463547707,4.463547707,4.611080170,4.784183979,4.784183979,5.504161358,5.504161358,4.457919598,5.616157532,3.396698952,2.285910130,4.834183693,4.834183693,2.224251509,4.834183693,4.834183693,2.277304173,4.834183693,4.834183693,2.234616041,4.834183693,4.834183693,2.318356037,4.834183693,4.834183693,2.277927399,2.247195482,4.834183693,4.834183693,2.248827934,4.834183693,4.834183693]},"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1470104385005874,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1470104385005874,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRUAAAQRv17AqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1470104385211573,"flow_dst_last_pkt_time":1470104382241911,"flow_idle_time":200000000,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104385211573,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0oAAAERfD7AqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1470104385211727,"flow_dst_last_pkt_time":1470104382242882,"flow_idle_time":200000000,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104385211727,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfwAAAAERhKDAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
@@ -682,7 +685,7 @@
 00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433238541,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00958{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433238541,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1470104433649184,"flow_dst_last_pkt_time":1470104398932814,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470104433649184,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="}
-00572{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1440,"packets-processed":1439,"total-skipped-flows":0,"total-l4-payload-len":552863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":11,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":685,"global_ts_usec":1654385119050609}
+00572{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1440,"packets-processed":1439,"total-skipped-flows":0,"total-l4-payload-len":552863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":14,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":688,"global_ts_usec":1654385119050609}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":3285032704,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTE3IEhUVFAvMS4xDQphdXRob3JpemF0aW9uX2NvZGU6IDg5QTBGQ0UzOTE2OEM5RTIxOTM1N0IzRjJEMzA4RDIwDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBMVFJDT1VPdEIwdHRrSnJIdUhaRHRnPT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkhvc3Q6IHdzLjFreHVuLm1vYmk6MTIzNA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="}
 01448{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}}
@@ -789,8 +792,8 @@
 00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104377754759,"flow_src_last_pkt_time":1470104422868933,"flow_dst_last_pkt_time":1470104422913733,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":1218,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":1218,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379989707,"flow_dst_last_pkt_time":1470104379989529,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":336,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":1993,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":28,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104380338807,"flow_dst_last_pkt_time":1470104380144205,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":714,"flow_dst_tot_l4_payload_len":32291,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
+01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379989707,"flow_dst_last_pkt_time":1470104379989529,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":336,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":1993,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
+01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":28,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104380338807,"flow_dst_last_pkt_time":1470104380144205,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":714,"flow_dst_tot_l4_payload_len":32291,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104378906497,"flow_src_last_pkt_time":1470104424049934,"flow_dst_last_pkt_time":1470104424115083,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":734,"flow_src_tot_l4_payload_len":842,"flow_dst_tot_l4_payload_len":734,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00901{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470104378005826,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378007003,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00755{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1470104378005826,"flow_src_last_pkt_time":1470104378005826,"flow_dst_last_pkt_time":1470104378007003,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -832,8 +835,8 @@
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00913{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01071{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":260,"flow_dst_packets_processed":159,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104433698291,"flow_dst_last_pkt_time":1470104433789634,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":160025,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
+01186{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01197{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":260,"flow_dst_packets_processed":159,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104433698291,"flow_dst_last_pkt_time":1470104433789634,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":160025,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378905035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00852{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518258,"flow_src_last_pkt_time":1470104402518258,"flow_dst_last_pkt_time":1470104402518258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -1184,13 +1187,13 @@
 01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229374771,"flow_idle_time":3285032704,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_usec":1654385229376461,"pkt":"tKXvZygQnLbQ0+MzCABFAAIWbkpAAEAGIaPAqAJ+NB2xsZDsAFBe8KPGSC8RAoAYAfaq\/QAAAQEICgB7lmTzZF3LZXFkc3BzPTUyJTJDNzElMkM1NyUyQzY2JTJDNjMlMkM0NSUyQzU4JTJDMiUyQzY4JTJDNTUlMkM3MCUyQzI4JTJDNDYlMkM2OSUyQzYyJTJDNjUlMkM1MSUyQzYxJTJDNDMlMkM1OSUyQzE1JTJDOSUyQzcyJTJDNTMlMkM2NyZyZmVjcG09MCZyZXNwdD0xJnNpcD0xNzIuMzEuMS4yMzImb3J0ZD0yJmJkbj1jb20uc2NlbmV3YXkua2Fua2FuLm1hcmtldDMma2V5PXBsYXkmcmF0ZT0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGFkeC10ay5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1654385229377895,"pkt":"tKXvZygQnLbQ0+MzCABFAAXUXuxAAEAGw2jAqAJ+I5wsDaZGAFB7fWmugsWKk4AQAfYYlgAAAQEIChlnEfsPV8RHR0VUIC9pbXByZXNzaW9uP2s9NjI5YmVhMjBhNGU1NDEwMDAxZjAxYzd4Jm1wPWZVUlBEcjV0aVVTdGY3VjJmYWpNaWF2ZUhVdmVEQUo5NmFpUGZVNUlpQVJUZm5ISUdhbDlpJTJCTWVmYk1lZkFFZUduM1RmYWlGZm5SUEduRWU2anhjNmFSQUdheElpJTJCTVBmZE1laSUyQmV3RGtlNkdvOWJXVXhJaTA5OVdVUiUyRmklMkJlZ1lGS2dZNzVJaEZ4OCUyQkZKTUw3SyUyRkg1SzlHYUhJaW5oUGZkbGVpYWxNNmF6SUhrUElHJTJCZUlHblIlMkZpVWpQV1VOTVdVUkFmJTJCZUlpQjllaVVqJTJGaVVSVFdVaEE2ZGVJRFVRUWlVbGJmQURBZm54M2lVVlBIJTJCTTJEa2lGRG5TckgwVDlIYWo5V25OYkRyaXdEbjNNaTBUQkdhakJERkRNREFSMmlrNUk2YWpNaWdNQmlkTWU2YVNJaW5oMUdVZkk2N0tNSGtQdGg3UUk2N2NiaEZIOExBdEE2ZHMwSjc1d2hqUTNSVXVPUlUzTWZvUjFpJTJCMks2ZHMwREZsMEdVak1pYXZlV296M2hiU3VIb1IxZlVWc1JyZnVIb1IxUlVqVGlBbFRmWlJzUnJjM1laUjFrQnp0NHJjQlk3UUZIWlBVWUZUMCUyQlpNMERyTjBHMHpVWUZUJTJGRCUyQnV0aHJldUpyViUyRkRrUDNockt1SG9Sc1JnU0JMa2ZRJTJCRlElMkZSVUVBaVUzJTJGZlUzQmlCTTBoZHp1REY1NlliNVRSVUVBaVUzJTJGZlUzQmlCTTBMJTJCZjZMN1IwR1V2c1JnU0JMa2ZRJTJCYnp0SkJSMWlBUlBXVURQaVVpc1JneHQ0b1IxaVpNMEhyYzhIWlIxaVpNMEQlMkI1VUo3UVhZMFIxaVpNMERrSDZKN2M5UlVFQWlVMyUyRmZVM0JpQk0waGR6dURGNTZockQwR1VpQkdaOUZHblJBV296TWhyUVVINUtCSGdOMEdVaUJHWjlGR25SQVdvek1oclFVSDVLQkhneHRSVUVBaVUzJTJGZlUzQmlCTTBIZ1NCTGtmUVJVRUFXVVJQZlUzQmlCTTBEJTJCeFBoN1YwR1Vqc1JydHJSVUVNV296QUhrZjZoZHp1REZWMEdVUjJpb00wRGI1QmhyNSUyRkRiMzBHMHo1VlROMFdvekJKN2NnUlV1T1JneHJZN0tiUlVFMEhVVjBXb3pUTDc1d0wlMkJpMEcwelhKN3RRaGdpMDZaTTBoRnpURGtoMEcwem9Xa3hBaG8yVlYweks2YVNJNmRlSTZkZU9ScjVVSGROMEdVakFpYVJzUnJ4QWhjS1VoclEzUlVFZWZhUkZHbmxNaWEzOVdvelRERnhUUlVFMDQyTTBZJTJCSDZMZFEwTCUyQnozJTJCRnglMkZoMk0wR1VScyUyQm96TVlqeCUyRmgyTTBHVWNLUjBNMEo3d1VZMFIxaW9NMEpyUTMlMkJGSFVSVUVlV296dEhkZk1Ea2ZRJTJCYnhQaDdWMEdVdnNScjJ0Sjc1QkxrY3MlMkJieFBoN1YwR1V2c1JyUUYlMkJieE1ZY0tUUlVFTVdvelRoN3hUSm9SMWlvTTBERnglMkYlMkJieDNEa3pUUlVFMERuajA2JTJCTWI2YVJiaW5SZTZhU0k2ZHMwWXI1VEhCUjFSMHpLNmFSJTNEIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vj"}
-00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00961{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229377895,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229377895,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Android 11"}}}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2510,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229377922,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1654385229377922,"pkt":"tKXvZygQnLbQ0+MzCABFAABIXu1AAEAGyPPAqAJ+I5wsDaZGAFB7fW9OgsWKk4AYAfYTCgAAAQEIChlnEfsPV8RHa28pIFZlcnNpb24vNC4wIENocm8="}
 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 02179{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":3285032704,"pkt_caplen":1315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1315,"pkt_l4_len":1281,"thread_ts_usec":1654385229378645,"pkt":"tKXvZygQnLbQ0+MzCABFAAUV94ZAAEAGGcTAqAJ+EkBPMqPUAFBRMOE7Lwf8VoAYAfYpoAAAAQEICgCrWABx+rveR0VUIC9hZC9sb2cvcGxheT9rPTYyOWJlYTIwYTRlNTQxMDAwMWYwMWM3eCZtcD1mVVJQRHI1dGlVU3RmN1YyZmFqTWlhdmVIVXZlREFKOTZhaVBmVTVJaUFSVGZuSElHYWw5aSUyQk1lZmJNZWZBRWVHbjNUZmFpRmZuUlBHbkVlNmp4YzZhUkFHYXhJaSUyQk1QZmRNZWklMkJld0RrZTZHbzliV1V4SWkwOTlXVVIlMkZpJTJCZWdZRktnWTc1SWhGeDglMkJGSk1MN0slMkZINUs5R2FISWluaFBmZGxlaWFsTTZheklIa1BJRyUyQmVJaWRNTTZhU0k2ZGUwR2tWQkdhaGJmVWkyZjdOQmZuUVE2YTV0REFIdGk3SHJXbnQzaW5sd2ZhSjBEQjJ0R252QlduUjlpbnpVSFVTVWlVVmVIJTJCZUlpbnZCNmFSTTZhY0lpZE1lZkFFMWliZUlZYlNRWXJjTUwlMkJlSTZhU0k0QnpVTG9SMWludk1pYWpzUnJ4QWg3UTNSVUVGZlpNMERGUTNSVUUwaW5OQUdhTjJSME0wRGt4d1JVdVlScmMxRCUyQnpzTCUyQkhRV3JmWFlaekpXb3owSG9SMVJyZlhZWlB0NHJjQlk3UUZIWlB0WXJ4QllGUTNSME0waGR6dURGNTZMazkwR1VpQkdaOUZHblJBV296TWhyUVVINUtYSiUyQk4wR1VpQkdaOUZHblJBV296dWgyS0VEMFIxaW9NMGhkenVERjU2aHJjYlJVRUFpVTMlMkZmVTNCaUJNMEo3YzlSVUVlV296ckRrd1FSVUVlV296dEprZlRMa0slMkZSVUVlV296dEhRS1REJTJCbDBHVWlCR1o5RkduUkFXb3pNaHJRVUg1S0JIMFIxaUFSUFdVRFBpVWlzUmdTQkxrZlElMkJienJKb1IxaUFSUFdVRFBpVWlzUmdTQkxrZlElMkJienJKN2owR1VpQkdaOUZHblJBV296cmhkenVERlYwR1VpJTJGaVUzRkduUkFXb3p0SmRRTUhaUjFpWk0wTDdEMEdVdnNSZ2ZRRDJLTWhyUVVIWlIxaVVWTVdvelVKJTJCekJIa1BVNFpSMVJRNW54b1JzUmd6VERraDBHZ3MwSjdIc1liaDBHMHpyZlpSc1JneEVIazJ1aEJSMVJyS1RMNzVCaEJ6S1dvekFEZ3h0SEJSMVIzUndIZGZNVzV4WlJnMklpZGVJNmRlSTZkTWImdHlwZT1yZXdhcmRfdmlkZW8ma2V5PXBsYXlfcGVyY2VudGFnZSZyYXRlPTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KSG9zdDogdGtuZXQtY2RuLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
 02205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385229378645,"flow_src_last_pkt_time":1654385229378645,"flow_dst_last_pkt_time":1654385229378645,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229378645,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"tknet-cdn.rayjump.com","http": {"url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36","detected_os":"Android 11"}}}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":3285032704,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1654385229379534,"pkt":"tKXvZygQnLbQ0+MzCABFAACkXu5AAEAGyJbAqAJ+I5wsDaZGAFB7fW9igsWKk4AYAfYTZgAAAQEIChlnEfwPV8RHbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBkZTAxLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00957{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","http": {}}}
+00983{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1654385229377895,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229377895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1572,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385229379534,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"de01.rayjump.com","http": {"detected_os":"Android 11"}}}
 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2513,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_src_last_pkt_time":1654385229375778,"flow_dst_last_pkt_time":1654385229398934,"flow_idle_time":3285032704,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229398934,"pkt":"nLbQ0+MztKXvZygQCABFAADQ2J9AAPUGmbgjnCwNwKgCfgBQpjo7f\/DX8zWzN4AYAHOmEwAAAQEICg9XxGYZZxH5SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"}
 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2514,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229376461,"flow_dst_last_pkt_time":1654385229399980,"flow_idle_time":3285032704,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1654385229399980,"pkt":"nLbQ0+MztKXvZygQCABFAACbqYhAAPUGMt80HbGxwKgCfgBQkOxILxECXvClqIAYAIBoGAAAAQEICvNkXe4Ae5ZkSFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2515,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":4,"flow_src_last_pkt_time":1654385229379534,"flow_dst_last_pkt_time":1654385229406775,"flow_idle_time":3285032704,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1654385229406775,"pkt":"nLbQ0+MztKXvZygQCABFAADQbSRAAPUGBTQjnCwNwKgCfgBQpkaCxYqTe31v0oAYAHWAFwAAAQEICg9XxG0ZZxH8SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"}
@@ -1296,7 +1299,7 @@
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":2549,"packets-processed":2549,"total-skipped-flows":0,"total-l4-payload-len":4952452,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":20,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1299,"global_ts_usec":1654385236487007}
+00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":2549,"packets-processed":2549,"total-skipped-flows":0,"total-l4-payload-len":4952452,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":23,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1302,"global_ts_usec":1654385236487007}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2549/2549
 ~~ skipped flows.............: 0
@@ -1305,9 +1308,9 @@
 ~~ total active/idle flows...: 197/197
 ~~ total timeout flows.......: 20
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6917196 bytes
-~~ total memory freed........: 6917196 bytes
-~~ total allocations/frees...: 127819/127819
+~~ total memory allocated....: 6924697 bytes
+~~ total memory freed........: 6924697 bytes
+~~ total allocations/frees...: 127852/127852
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 8988 chars
diff --git a/test/results/443-chrome.pcap.out b/test/results/443-chrome.pcap.out
index 79906618f..ff3240d56 100644
--- a/test/results/443-chrome.pcap.out
+++ b/test/results/443-chrome.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413823 bytes
-~~ total memory freed........: 6413823 bytes
-~~ total allocations/frees...: 122438/122438
+~~ total memory allocated....: 6418728 bytes
+~~ total memory freed........: 6418728 bytes
+~~ total allocations/frees...: 122448/122448
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 2467 chars
diff --git a/test/results/443-curl.pcap.out b/test/results/443-curl.pcap.out
index a9dc9e2ea..7a83fe08a 100644
--- a/test/results/443-curl.pcap.out
+++ b/test/results/443-curl.pcap.out
@@ -20,9 +20,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6421874 bytes
-~~ total memory freed........: 6421874 bytes
-~~ total allocations/frees...: 122553/122553
+~~ total memory allocated....: 6426779 bytes
+~~ total memory freed........: 6426779 bytes
+~~ total allocations/frees...: 122563/122563
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2146 chars
diff --git a/test/results/443-firefox.pcap.out b/test/results/443-firefox.pcap.out
index 631bcfb7a..36a9a99cb 100644
--- a/test/results/443-firefox.pcap.out
+++ b/test/results/443-firefox.pcap.out
@@ -20,9 +20,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6438110 bytes
-~~ total memory freed........: 6438110 bytes
-~~ total allocations/frees...: 123112/123112
+~~ total memory allocated....: 6443015 bytes
+~~ total memory freed........: 6443015 bytes
+~~ total allocations/frees...: 123122/123122
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 496 chars
 ~~ json string max len.......: 2161 chars
diff --git a/test/results/443-git.pcap.out b/test/results/443-git.pcap.out
index 2792637a9..b7f53da7a 100644
--- a/test/results/443-git.pcap.out
+++ b/test/results/443-git.pcap.out
@@ -20,9 +20,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6424259 bytes
-~~ total memory freed........: 6424259 bytes
-~~ total allocations/frees...: 122516/122516
+~~ total memory allocated....: 6429164 bytes
+~~ total memory freed........: 6429164 bytes
+~~ total allocations/frees...: 122526/122526
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2421 chars
diff --git a/test/results/443-opvn.pcap.out b/test/results/443-opvn.pcap.out
index 82a1ebdc4..cf5ea9203 100644
--- a/test/results/443-opvn.pcap.out
+++ b/test/results/443-opvn.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6415128 bytes
-~~ total memory freed........: 6415128 bytes
-~~ total allocations/frees...: 122483/122483
+~~ total memory allocated....: 6420033 bytes
+~~ total memory freed........: 6420033 bytes
+~~ total allocations/frees...: 122493/122493
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2179 chars
diff --git a/test/results/443-safari.pcap.out b/test/results/443-safari.pcap.out
index a4061ee03..90edb065e 100644
--- a/test/results/443-safari.pcap.out
+++ b/test/results/443-safari.pcap.out
@@ -20,9 +20,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6419932 bytes
-~~ total memory freed........: 6419932 bytes
-~~ total allocations/frees...: 122485/122485
+~~ total memory allocated....: 6424837 bytes
+~~ total memory freed........: 6424837 bytes
+~~ total allocations/frees...: 122495/122495
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 2143 chars
diff --git a/test/results/4in4tunnel.pcap.out b/test/results/4in4tunnel.pcap.out
index 69aa39782..bcb659db8 100644
--- a/test/results/4in4tunnel.pcap.out
+++ b/test/results/4in4tunnel.pcap.out
@@ -23,9 +23,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6409946 bytes
-~~ total memory freed........: 6409946 bytes
-~~ total allocations/frees...: 122425/122425
+~~ total memory allocated....: 6414843 bytes
+~~ total memory freed........: 6414843 bytes
+~~ total allocations/frees...: 122435/122435
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 295 chars
 ~~ json string max len.......: 561 chars
diff --git a/test/results/4in6tunnel.pcap.out b/test/results/4in6tunnel.pcap.out
index 56f9fb28a..18f6db2a8 100644
--- a/test/results/4in6tunnel.pcap.out
+++ b/test/results/4in6tunnel.pcap.out
@@ -16,9 +16,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411862 bytes
-~~ total memory freed........: 6411862 bytes
-~~ total allocations/frees...: 122440/122440
+~~ total memory allocated....: 6416767 bytes
+~~ total memory freed........: 6416767 bytes
+~~ total allocations/frees...: 122450/122450
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 2456 chars
diff --git a/test/results/6in4tunnel.pcap.out b/test/results/6in4tunnel.pcap.out
index cc43372c5..0de416a41 100644
--- a/test/results/6in4tunnel.pcap.out
+++ b/test/results/6in4tunnel.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6415429 bytes
-~~ total memory freed........: 6415429 bytes
-~~ total allocations/frees...: 122563/122563
+~~ total memory allocated....: 6420334 bytes
+~~ total memory freed........: 6420334 bytes
+~~ total allocations/frees...: 122573/122573
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 1999 chars
diff --git a/test/results/6in6tunnel.pcap.out b/test/results/6in6tunnel.pcap.out
index 6242566cc..eb7fbb9a2 100644
--- a/test/results/6in6tunnel.pcap.out
+++ b/test/results/6in6tunnel.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413604 bytes
-~~ total memory freed........: 6413604 bytes
-~~ total allocations/frees...: 122449/122449
+~~ total memory allocated....: 6418517 bytes
+~~ total memory freed........: 6418517 bytes
+~~ total allocations/frees...: 122459/122459
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 852 chars
diff --git a/test/results/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/BGP_Cisco_hdlc_slarp.pcap.out
index 2ea3a73be..c6d63f3c0 100644
--- a/test/results/BGP_Cisco_hdlc_slarp.pcap.out
+++ b/test/results/BGP_Cisco_hdlc_slarp.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412152 bytes
-~~ total memory freed........: 6412152 bytes
-~~ total allocations/frees...: 122450/122450
+~~ total memory allocated....: 6417057 bytes
+~~ total memory freed........: 6417057 bytes
+~~ total allocations/frees...: 122460/122460
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 959 chars
diff --git a/test/results/BGP_redist.pcap.out b/test/results/BGP_redist.pcap.out
index 600d801d9..d2cec55f6 100644
--- a/test/results/BGP_redist.pcap.out
+++ b/test/results/BGP_redist.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411775 bytes
-~~ total memory freed........: 6411775 bytes
-~~ total allocations/frees...: 122437/122437
+~~ total memory allocated....: 6416680 bytes
+~~ total memory freed........: 6416680 bytes
+~~ total allocations/frees...: 122447/122447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 295 chars
 ~~ json string max len.......: 944 chars
diff --git a/test/results/EAQ.pcap.out b/test/results/EAQ.pcap.out
index b4317073a..eeb56413d 100644
--- a/test/results/EAQ.pcap.out
+++ b/test/results/EAQ.pcap.out
@@ -275,9 +275,9 @@
 ~~ total active/idle flows...: 31/31
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6471656 bytes
-~~ total memory freed........: 6471656 bytes
-~~ total allocations/frees...: 122974/122974
+~~ total memory allocated....: 6476813 bytes
+~~ total memory freed........: 6476813 bytes
+~~ total allocations/frees...: 122986/122986
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 487 chars
 ~~ json string max len.......: 1191 chars
diff --git a/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index b405a8360..70d76f8ef 100644
--- a/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -58,9 +58,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6628239 bytes
-~~ total memory freed........: 6628239 bytes
-~~ total allocations/frees...: 129697/129697
+~~ total memory allocated....: 6633176 bytes
+~~ total memory freed........: 6633176 bytes
+~~ total allocations/frees...: 129707/129707
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 513 chars
 ~~ json string max len.......: 2211 chars
diff --git a/test/results/IEC104.pcap.out b/test/results/IEC104.pcap.out
index 4f9f9c4e6..117f24dd1 100644
--- a/test/results/IEC104.pcap.out
+++ b/test/results/IEC104.pcap.out
@@ -23,9 +23,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413981 bytes
-~~ total memory freed........: 6413981 bytes
-~~ total allocations/frees...: 122462/122462
+~~ total memory allocated....: 6418894 bytes
+~~ total memory freed........: 6418894 bytes
+~~ total allocations/frees...: 122472/122472
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 957 chars
diff --git a/test/results/KakaoTalk_chat.pcap.out b/test/results/KakaoTalk_chat.pcap.out
index 4832dbb4d..30a4b2e34 100644
--- a/test/results/KakaoTalk_chat.pcap.out
+++ b/test/results/KakaoTalk_chat.pcap.out
@@ -276,9 +276,9 @@
 ~~ total active/idle flows...: 38/38
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6616632 bytes
-~~ total memory freed........: 6616632 bytes
-~~ total allocations/frees...: 123417/123417
+~~ total memory allocated....: 6621833 bytes
+~~ total memory freed........: 6621833 bytes
+~~ total allocations/frees...: 123427/123427
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 499 chars
 ~~ json string max len.......: 2348 chars
diff --git a/test/results/KakaoTalk_talk.pcap.out b/test/results/KakaoTalk_talk.pcap.out
index d71c406e0..7e6c9b5f6 100644
--- a/test/results/KakaoTalk_talk.pcap.out
+++ b/test/results/KakaoTalk_talk.pcap.out
@@ -151,9 +151,9 @@
 ~~ total active/idle flows...: 20/20
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6564017 bytes
-~~ total memory freed........: 6564017 bytes
-~~ total allocations/frees...: 125880/125880
+~~ total memory allocated....: 6569074 bytes
+~~ total memory freed........: 6569074 bytes
+~~ total allocations/frees...: 125890/125890
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 499 chars
 ~~ json string max len.......: 2692 chars
diff --git a/test/results/NTPv2.pcap.out b/test/results/NTPv2.pcap.out
index bd6d7aac4..905785afd 100644
--- a/test/results/NTPv2.pcap.out
+++ b/test/results/NTPv2.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411775 bytes
-~~ total memory freed........: 6411775 bytes
-~~ total allocations/frees...: 122437/122437
+~~ total memory allocated....: 6416680 bytes
+~~ total memory freed........: 6416680 bytes
+~~ total allocations/frees...: 122447/122447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 967 chars
diff --git a/test/results/NTPv3.pcap.out b/test/results/NTPv3.pcap.out
index d4b68ccbc..f2e7584f9 100644
--- a/test/results/NTPv3.pcap.out
+++ b/test/results/NTPv3.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411775 bytes
-~~ total memory freed........: 6411775 bytes
-~~ total allocations/frees...: 122437/122437
+~~ total memory allocated....: 6416680 bytes
+~~ total memory freed........: 6416680 bytes
+~~ total allocations/frees...: 122447/122447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 938 chars
diff --git a/test/results/NTPv4.pcap.out b/test/results/NTPv4.pcap.out
index 8fdd7d7f6..fdd809b0a 100644
--- a/test/results/NTPv4.pcap.out
+++ b/test/results/NTPv4.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411775 bytes
-~~ total memory freed........: 6411775 bytes
-~~ total allocations/frees...: 122437/122437
+~~ total memory allocated....: 6416680 bytes
+~~ total memory freed........: 6416680 bytes
+~~ total allocations/frees...: 122447/122447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 938 chars
diff --git a/test/results/Oscar.pcap.out b/test/results/Oscar.pcap.out
index 2d6339749..6fa67ef92 100644
--- a/test/results/Oscar.pcap.out
+++ b/test/results/Oscar.pcap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6415853 bytes
-~~ total memory freed........: 6415853 bytes
-~~ total allocations/frees...: 122508/122508
+~~ total memory allocated....: 6420758 bytes
+~~ total memory freed........: 6420758 bytes
+~~ total allocations/frees...: 122518/122518
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 1983 chars
diff --git a/test/results/TivoDVR.pcap.out b/test/results/TivoDVR.pcap.out
index 5cbd21f5b..f5f3eca0b 100644
--- a/test/results/TivoDVR.pcap.out
+++ b/test/results/TivoDVR.pcap.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411776 bytes
-~~ total memory freed........: 6411776 bytes
-~~ total allocations/frees...: 122437/122437
+~~ total memory allocated....: 6416681 bytes
+~~ total memory freed........: 6416681 bytes
+~~ total allocations/frees...: 122447/122447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 1072 chars
diff --git a/test/results/WebattackRCE.pcap.out b/test/results/WebattackRCE.pcap.out
index 9dcf316a0..1fa731add 100644
--- a/test/results/WebattackRCE.pcap.out
+++ b/test/results/WebattackRCE.pcap.out
@@ -206,67 +206,67 @@
 01355{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276765824,"flow_src_last_pkt_time":1576420276765824,"flow_dst_last_pkt_time":1576420276765824,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276765824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","http": {"url":"127.0.0.1\/login.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)","detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276768301,"flow_src_last_pkt_time":1576420276768301,"flow_dst_last_pkt_time":1576420276768301,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":130,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":130,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276768301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276768301,"flow_dst_last_pkt_time":1576420276768301,"flow_idle_time":3285032704,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_usec":1576420276768301,"pkt":"AAAAAAAAAAAAAAAACABFAAC2dlNAAEAGxex\/AAABfwAAAcIQH5C4PE56dk2whIAYAED+qgAAAQEICp1m+0idZvtIR0VUIC8gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276768301,"flow_src_last_pkt_time":1576420276768301,"flow_dst_last_pkt_time":1576420276768301,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":130,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":130,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276768301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276768301,"flow_src_last_pkt_time":1576420276768301,"flow_dst_last_pkt_time":1576420276768301,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":130,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":130,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276768301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276770266,"flow_src_last_pkt_time":1576420276770266,"flow_dst_last_pkt_time":1576420276770266,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":136,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276770266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276770266,"flow_dst_last_pkt_time":1576420276770266,"flow_idle_time":3285032704,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1576420276770266,"pkt":"AAAAAAAAAAAAAAAACABFAAC8XLtAAEAG335\/AAABfwAAAcISH5CeUGSSsmiGvoAYAED+sAAAAQEICp1m+0qdZvtKR0VUIC9pbWFnZXMgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276770266,"flow_src_last_pkt_time":1576420276770266,"flow_dst_last_pkt_time":1576420276770266,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":136,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276770266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276770266,"flow_src_last_pkt_time":1576420276770266,"flow_dst_last_pkt_time":1576420276770266,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":136,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276770266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276771757,"flow_src_last_pkt_time":1576420276771757,"flow_dst_last_pkt_time":1576420276771757,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276771757,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276771757,"flow_dst_last_pkt_time":1576420276771757,"flow_idle_time":3285032704,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":1576420276771757,"pkt":"AAAAAAAAAAAAAAAACABFAADTCw5AAEAGMRV\/AAABfwAAAcIUH5CyKDMlKN\/VCYAYAED+xwAAAQEICp1m+0udZvtLR0VUIC9BdXRvZGlzY292ZXIvQXV0b2Rpc2NvdmVyLnhtbCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276771757,"flow_src_last_pkt_time":1576420276771757,"flow_dst_last_pkt_time":1576420276771757,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276771757,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276771757,"flow_src_last_pkt_time":1576420276771757,"flow_dst_last_pkt_time":1576420276771757,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276771757,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276773149,"flow_src_last_pkt_time":1576420276773149,"flow_dst_last_pkt_time":1576420276773149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276773149,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276773149,"flow_dst_last_pkt_time":1576420276773149,"flow_idle_time":3285032704,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1576420276773149,"pkt":"AAAAAAAAAAAAAAAACABFAADDAPJAAEAGO0F\/AAABfwAAAcIWH5B1lTjaOiDdGIAYAED+twAAAQEICp1m+02dZvtMR0VUIC9BdXRvZGlzY292ZXIvIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276773149,"flow_src_last_pkt_time":1576420276773149,"flow_dst_last_pkt_time":1576420276773149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276773149,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276773149,"flow_src_last_pkt_time":1576420276773149,"flow_dst_last_pkt_time":1576420276773149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276773149,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276774669,"flow_src_last_pkt_time":1576420276774669,"flow_dst_last_pkt_time":1576420276774669,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276774669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276774669,"flow_dst_last_pkt_time":1576420276774669,"flow_idle_time":3285032704,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_usec":1576420276774669,"pkt":"AAAAAAAAAAAAAAAACABFAADRNpRAAEAGBZF\/AAABfwAAAcIYH5C\/CA68jFESSoAYAED+xQAAAQEICp1m+06dZvtOR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276774669,"flow_src_last_pkt_time":1576420276774669,"flow_dst_last_pkt_time":1576420276774669,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276774669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276774669,"flow_src_last_pkt_time":1576420276774669,"flow_dst_last_pkt_time":1576420276774669,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276774669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276776123,"flow_src_last_pkt_time":1576420276776123,"flow_dst_last_pkt_time":1576420276776123,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":169,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":169,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":169,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276776123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276776123,"flow_dst_last_pkt_time":1576420276776123,"flow_idle_time":3285032704,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1576420276776123,"pkt":"AAAAAAAAAAAAAAAACABFAADdUNZAAEAG60J\/AAABfwAAAcIaH5Ae8Gj\/tlcbuIAYAED+0QAAAQEICp1m+1CdZvtPR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5jc3MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276776123,"flow_src_last_pkt_time":1576420276776123,"flow_dst_last_pkt_time":1576420276776123,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":169,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":169,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":169,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276776123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276776123,"flow_src_last_pkt_time":1576420276776123,"flow_dst_last_pkt_time":1576420276776123,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":169,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":169,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":169,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276776123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276777738,"flow_src_last_pkt_time":1576420276777738,"flow_dst_last_pkt_time":1576420276777738,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276777738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276777738,"flow_dst_last_pkt_time":1576420276777738,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1576420276777738,"pkt":"AAAAAAAAAAAAAAAACABFAAC51DJAAEAGaAp\/AAABfwAAAcIcH5BDaOwb++ns54AYAED+rQAAAQEICp1m+1GdZvtRR0VUIC9FQ1AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276777738,"flow_src_last_pkt_time":1576420276777738,"flow_dst_last_pkt_time":1576420276777738,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276777738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276777738,"flow_src_last_pkt_time":1576420276777738,"flow_dst_last_pkt_time":1576420276777738,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276777738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276779177,"flow_src_last_pkt_time":1576420276779177,"flow_dst_last_pkt_time":1576420276779177,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276779177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276779177,"flow_dst_last_pkt_time":1576420276779177,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1576420276779177,"pkt":"AAAAAAAAAAAAAAAACABFAAC5SehAAEAG8lR\/AAABfwAAAcIeH5AlzXHNG7GlzoAYAED+rQAAAQEICp1m+1OdZvtTR0VUIC9FV1MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276779177,"flow_src_last_pkt_time":1576420276779177,"flow_dst_last_pkt_time":1576420276779177,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276779177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276779177,"flow_src_last_pkt_time":1576420276779177,"flow_dst_last_pkt_time":1576420276779177,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276779177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276780572,"flow_src_last_pkt_time":1576420276780572,"flow_dst_last_pkt_time":1576420276780572,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":147,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276780572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276780572,"flow_dst_last_pkt_time":1576420276780572,"flow_idle_time":3285032704,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1576420276780572,"pkt":"AAAAAAAAAAAAAAAACABFAADH3u5AAEAGXUB\/AAABfwAAAcIgH5D8fubIriLokYAYAED+uwAAAQEICp1m+1SdZvtUR0VUIC9FV1MvRXhjaGFuZ2UuYXNteCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276780572,"flow_src_last_pkt_time":1576420276780572,"flow_dst_last_pkt_time":1576420276780572,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":147,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276780572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276780572,"flow_src_last_pkt_time":1576420276780572,"flow_dst_last_pkt_time":1576420276780572,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":147,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276780572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276781986,"flow_src_last_pkt_time":1576420276781986,"flow_dst_last_pkt_time":1576420276781986,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276781986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276781986,"flow_dst_last_pkt_time":1576420276781986,"flow_idle_time":3285032704,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1576420276781986,"pkt":"AAAAAAAAAAAAAAAACABFAAC+Y8xAAEAG2Gt\/AAABfwAAAcIiH5D+h1vitMrGVIAYAED+sgAAAQEICp1m+1WdZvtVR0VUIC9FeGNoYW5nZSBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276781986,"flow_src_last_pkt_time":1576420276781986,"flow_dst_last_pkt_time":1576420276781986,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276781986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276781986,"flow_src_last_pkt_time":1576420276781986,"flow_dst_last_pkt_time":1576420276781986,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276781986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276784670,"flow_src_last_pkt_time":1576420276784670,"flow_dst_last_pkt_time":1576420276784670,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276784670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276784670,"flow_dst_last_pkt_time":1576420276784670,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1576420276784670,"pkt":"AAAAAAAAAAAAAAAACABFAAC5ylFAAEAGcet\/AAABfwAAAcIkH5CUkvJkMc1am4AYAED+rQAAAQEICp1m+1idZvtYR0VUIC9PV0EgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276784670,"flow_src_last_pkt_time":1576420276784670,"flow_dst_last_pkt_time":1576420276784670,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276784670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276784670,"flow_src_last_pkt_time":1576420276784670,"flow_dst_last_pkt_time":1576420276784670,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276784670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276786360,"flow_src_last_pkt_time":1576420276786360,"flow_dst_last_pkt_time":1576420276786360,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":169,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":169,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":169,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276786360,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276786360,"flow_dst_last_pkt_time":1576420276786360,"flow_idle_time":3285032704,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1576420276786360,"pkt":"AAAAAAAAAAAAAAAACABFAADdBqpAAEAGNW9\/AAABfwAAAcImH5DUMj6FKAlSCYAYAED+0QAAAQEICp1m+1qdZvtaR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5lYXMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276786360,"flow_src_last_pkt_time":1576420276786360,"flow_dst_last_pkt_time":1576420276786360,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":169,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":169,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":169,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276786360,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276786360,"flow_src_last_pkt_time":1576420276786360,"flow_dst_last_pkt_time":1576420276786360,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":169,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":169,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":169,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276786360,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276787818,"flow_src_last_pkt_time":1576420276787818,"flow_dst_last_pkt_time":1576420276787818,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276787818,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276787818,"flow_dst_last_pkt_time":1576420276787818,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1576420276787818,"pkt":"AAAAAAAAAAAAAAAACABFAAC5+PtAAEAGQ0F\/AAABfwAAAcIoH5AY5sDVvq1OaYAYAED+rQAAAQEICp1m+1udZvtbR0VUIC9ScGMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276787818,"flow_src_last_pkt_time":1576420276787818,"flow_dst_last_pkt_time":1576420276787818,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276787818,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276787818,"flow_src_last_pkt_time":1576420276787818,"flow_dst_last_pkt_time":1576420276787818,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276787818,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276789217,"flow_src_last_pkt_time":1576420276789217,"flow_dst_last_pkt_time":1576420276789217,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":147,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276789217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276789217,"flow_dst_last_pkt_time":1576420276789217,"flow_idle_time":3285032704,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1576420276789217,"pkt":"AAAAAAAAAAAAAAAACABFAADHn6dAAEAGnId\/AAABfwAAAcIqH5DNYaeJfxts9oAYAED+uwAAAQEICp1m+12dZvtdR0VUIC9FV1MvU2VydmljZXMud3NkbCBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276789217,"flow_src_last_pkt_time":1576420276789217,"flow_dst_last_pkt_time":1576420276789217,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":147,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276789217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276789217,"flow_src_last_pkt_time":1576420276789217,"flow_dst_last_pkt_time":1576420276789217,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":147,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276789217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276790612,"flow_src_last_pkt_time":1576420276790612,"flow_dst_last_pkt_time":1576420276790612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276790612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276790612,"flow_dst_last_pkt_time":1576420276790612,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1576420276790612,"pkt":"AAAAAAAAAAAAAAAACABFAAC5NBFAAEAGCCx\/AAABfwAAAcIsH5ClBgwj7e4RBIAYAED+rQAAAQEICp1m+16dZvteR0VUIC9lY3AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276790612,"flow_src_last_pkt_time":1576420276790612,"flow_dst_last_pkt_time":1576420276790612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276790612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276790612,"flow_src_last_pkt_time":1576420276790612,"flow_dst_last_pkt_time":1576420276790612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276790612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276792012,"flow_src_last_pkt_time":1576420276792012,"flow_dst_last_pkt_time":1576420276792012,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276792012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276792012,"flow_dst_last_pkt_time":1576420276792012,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1576420276792012,"pkt":"AAAAAAAAAAAAAAAACABFAAC5lANAAEAGqDl\/AAABfwAAAcIuH5BArawwwOPk6IAYAED+rQAAAQEICp1m+1+dZvtfR0VUIC9PQUIgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276792012,"flow_src_last_pkt_time":1576420276792012,"flow_dst_last_pkt_time":1576420276792012,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276792012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276792012,"flow_src_last_pkt_time":1576420276792012,"flow_dst_last_pkt_time":1576420276792012,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276792012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276793501,"flow_src_last_pkt_time":1576420276793501,"flow_dst_last_pkt_time":1576420276793501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276793501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276793501,"flow_dst_last_pkt_time":1576420276793501,"flow_idle_time":3285032704,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1576420276793501,"pkt":"AAAAAAAAAAAAAAAACABFAADD2QRAAEAGYy5\/AAABfwAAAcIwH5DBGuEtmiy9f4AYAED+twAAAQEICp1m+2GdZvthR0VUIC9hc3BuZXRfY2xpZW50IEhUVFAvMS4wDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276793501,"flow_src_last_pkt_time":1576420276793501,"flow_dst_last_pkt_time":1576420276793501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276793501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276793501,"flow_src_last_pkt_time":1576420276793501,"flow_dst_last_pkt_time":1576420276793501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276793501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276794936,"flow_src_last_pkt_time":1576420276794936,"flow_dst_last_pkt_time":1576420276794936,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276794936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276794936,"flow_dst_last_pkt_time":1576420276794936,"flow_idle_time":3285032704,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1576420276794936,"pkt":"AAAAAAAAAAAAAAAACABFAADAoqZAAEAGmY9\/AAABfwAAAcIyH5C3W5qL6yWPx4AYAED+tAAAAQEICp1m+2KdZvtiR0VUIC9Qb3dlclNoZWxsIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276794936,"flow_src_last_pkt_time":1576420276794936,"flow_dst_last_pkt_time":1576420276794936,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276794936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276794936,"flow_src_last_pkt_time":1576420276794936,"flow_dst_last_pkt_time":1576420276794936,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276794936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276796429,"flow_src_last_pkt_time":1576420276796429,"flow_dst_last_pkt_time":1576420276796429,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276796429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276796429,"flow_dst_last_pkt_time":1576420276796429,"flow_idle_time":3285032704,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1576420276796429,"pkt":"AAAAAAAAAAAAAAAACABFAAC74FpAAEAGW+B\/AAABfwAAAcI0H5AdBth42VHy84AYAED+rwAAAQEICp1m+2SdZvtkR0VUIC4gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBXZWJMb2dpYyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276796429,"flow_src_last_pkt_time":1576420276796429,"flow_dst_last_pkt_time":1576420276796429,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276796429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276796429,"flow_src_last_pkt_time":1576420276796429,"flow_dst_last_pkt_time":1576420276796429,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276796429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276797816,"flow_src_last_pkt_time":1576420276797816,"flow_dst_last_pkt_time":1576420276797816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276797816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276797816,"flow_dst_last_pkt_time":1576420276797816,"flow_idle_time":3285032704,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1576420276797816,"pkt":"AAAAAAAAAAAAAAAACABFAADj87RAAEAGSF5\/AAABfwAAAcI2H5ABU8uetZ1IA4AYAED+1wAAAQEICp1m+2WdZvtlR0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IEJSRUFDSCBUZXN0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
 01342{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276797816,"flow_src_last_pkt_time":1576420276797816,"flow_dst_last_pkt_time":1576420276797816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276797816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","http": {"url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: BREACH Test)","detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276801194,"flow_src_last_pkt_time":1576420276801194,"flow_dst_last_pkt_time":1576420276801194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276801194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276801194,"flow_dst_last_pkt_time":1576420276801194,"flow_idle_time":3285032704,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_usec":1576420276801194,"pkt":"AAAAAAAAAAAAAAAACABFAACv4YVAAEAGWsF\/AAABfwAAAcI4H5Af9dm0Z318ZoAYAED+owAAAQEICp1m+2mdZvtpR0VUIC8gSFRUUC8xLjANCk5pa3RvOiAfDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6QFRFU1RJRCkNCg0K"}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276801194,"flow_src_last_pkt_time":1576420276801194,"flow_dst_last_pkt_time":1576420276801194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276801194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276801194,"flow_src_last_pkt_time":1576420276801194,"flow_dst_last_pkt_time":1576420276801194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276801194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"detected_os":"Nikto\/2.1.6"}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276803526,"flow_src_last_pkt_time":1576420276803526,"flow_dst_last_pkt_time":1576420276803526,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":146,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":146,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276803526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276803526,"flow_dst_last_pkt_time":1576420276803526,"flow_idle_time":3285032704,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_usec":1576420276803526,"pkt":"AAAAAAAAAAAAAAAACABFAADGlY9AAEAGpqB\/AAABfwAAAcI6H5C5Ma2+n2Qvb4AYAED+ugAAAQEICp1m+2udZvtrR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
 01345{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276803526,"flow_src_last_pkt_time":1576420276803526,"flow_dst_last_pkt_time":1576420276803526,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":146,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":146,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276803526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","http": {"url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)","detected_os":"Nikto\/2.1.6"}}}
@@ -3197,9 +3197,9 @@
 ~~ total active/idle flows...: 797/797
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 8017062 bytes
-~~ total memory freed........: 8017062 bytes
-~~ total allocations/frees...: 136520/136520
+~~ total memory allocated....: 8030063 bytes
+~~ total memory freed........: 8030063 bytes
+~~ total allocations/frees...: 136570/136570
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 497 chars
 ~~ json string max len.......: 1747 chars
diff --git a/test/results/WebattackSQLinj.pcap.out b/test/results/WebattackSQLinj.pcap.out
index fac95c6ad..537ebea04 100644
--- a/test/results/WebattackSQLinj.pcap.out
+++ b/test/results/WebattackSQLinj.pcap.out
@@ -81,9 +81,9 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6432180 bytes
-~~ total memory freed........: 6432180 bytes
-~~ total allocations/frees...: 122692/122692
+~~ total memory allocated....: 6437356 bytes
+~~ total memory freed........: 6437356 bytes
+~~ total allocations/frees...: 122711/122711
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 1478 chars
diff --git a/test/results/WebattackXSS.pcap.out b/test/results/WebattackXSS.pcap.out
index 5847d0bb9..9d7803001 100644
--- a/test/results/WebattackXSS.pcap.out
+++ b/test/results/WebattackXSS.pcap.out
@@ -5311,9 +5311,9 @@
 ~~ total active/idle flows...: 661/661
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7879937 bytes
-~~ total memory freed........: 7879937 bytes
-~~ total allocations/frees...: 139220/139220
+~~ total memory allocated....: 7890628 bytes
+~~ total memory freed........: 7890628 bytes
+~~ total allocations/frees...: 139252/139252
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 497 chars
 ~~ json string max len.......: 2548 chars
diff --git a/test/results/activision.pcap.out b/test/results/activision.pcap.out
index 29992405b..a925025ac 100644
--- a/test/results/activision.pcap.out
+++ b/test/results/activision.pcap.out
@@ -44,9 +44,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418886 bytes
-~~ total memory freed........: 6418886 bytes
-~~ total allocations/frees...: 122529/122529
+~~ total memory allocated....: 6423815 bytes
+~~ total memory freed........: 6423815 bytes
+~~ total allocations/frees...: 122539/122539
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 955 chars
diff --git a/test/results/afp.pcap.out b/test/results/afp.pcap.out
index c796d6608..ced7f47ce 100644
--- a/test/results/afp.pcap.out
+++ b/test/results/afp.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412210 bytes
-~~ total memory freed........: 6412210 bytes
-~~ total allocations/frees...: 122452/122452
+~~ total memory allocated....: 6417115 bytes
+~~ total memory freed........: 6417115 bytes
+~~ total allocations/frees...: 122462/122462
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 953 chars
diff --git a/test/results/agora-sd-rtn.pcap.out b/test/results/agora-sd-rtn.pcap.out
index c1327de26..989c84d55 100644
--- a/test/results/agora-sd-rtn.pcap.out
+++ b/test/results/agora-sd-rtn.pcap.out
@@ -244,9 +244,9 @@
 ~~ total active/idle flows...: 26/26
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6468433 bytes
-~~ total memory freed........: 6468433 bytes
-~~ total allocations/frees...: 123114/123114
+~~ total memory allocated....: 6473538 bytes
+~~ total memory freed........: 6473538 bytes
+~~ total allocations/frees...: 123124/123124
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 497 chars
 ~~ json string max len.......: 2147 chars
diff --git a/test/results/ah.pcapng.out b/test/results/ah.pcapng.out
index 6de412a9d..30b1581bf 100644
--- a/test/results/ah.pcapng.out
+++ b/test/results/ah.pcapng.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413720 bytes
-~~ total memory freed........: 6413720 bytes
-~~ total allocations/frees...: 122453/122453
+~~ total memory allocated....: 6418633 bytes
+~~ total memory freed........: 6418633 bytes
+~~ total allocations/frees...: 122463/122463
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 955 chars
diff --git a/test/results/aimini-http.pcap.out b/test/results/aimini-http.pcap.out
deleted file mode 100644
index 4ce679dc9..000000000
--- a/test/results/aimini-http.pcap.out
+++ /dev/null
@@ -1,51 +0,0 @@
-00491{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"aimini-http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614860228394057}
-00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614860229383219,"flow_src_last_pkt_time":1614860229383219,"flow_dst_last_pkt_time":1614860229383219,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614860229383219,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614860229383219,"flow_dst_last_pkt_time":1614860229383219,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229383219,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="}
-00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614860229383751,"flow_dst_last_pkt_time":1614860229383219,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229383751,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="}
-00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1614860229383751,"flow_dst_last_pkt_time":1614860229384335,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229384335,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQQAAIAGAAAKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEU8QAAAgQFtAMDAQA="}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614860229383751,"flow_dst_last_pkt_time":1614860229384749,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229384749,"pkt":"ApXG95NL5kBKB+riCABFAAAwBQQAAH8GIfYKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEoVQAAAgQFtAMDAQA="}
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1614860229384755,"flow_dst_last_pkt_time":1614860229384749,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614860229384755,"pkt":"5kBKB+riApXG95NLCABFAAAoBPoAAIAGAAAKZQACCmYAAm9VAFCbu4XSm7uZ\/FAQgAEU6QAAAAAAAAAA"}
-01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1614860229383219,"flow_src_last_pkt_time":1614860229384782,"flow_dst_last_pkt_time":1614860229384749,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":595,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":595,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614860229384782,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","proto_id":"7.99","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"www.aimini.net","http": {"url":"www.aimini.net\/member\/signup\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17","detected_os":"Windows"}}}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614860229385965,"flow_src_last_pkt_time":1614860229385965,"flow_dst_last_pkt_time":1614860229385965,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614860229385965,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1614860229385965,"flow_dst_last_pkt_time":1614860229385965,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229385965,"pkt":"5kBKB+riApXG95NLCABFAAAwBP8AAIAGAAAKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEU8QAAAgQFtAMDAQA="}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1614860229386298,"flow_dst_last_pkt_time":1614860229385965,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229386298,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBP8AAH8GIfsKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEoiAAAAgQFtAMDAQA="}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1614860229386298,"flow_dst_last_pkt_time":1614860229386303,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229386303,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQ0AAIAGAAAKZgACCmUAAgBQb1abu8Cxm7u7ZnASgAEU8QAAAgQFtAMDAQA="}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1614860229386298,"flow_dst_last_pkt_time":1614860229386479,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229386479,"pkt":"ApXG95NL5kBKB+riCABFAAAwBQ0AAH8GIe0KZgACCmUAAgBQb1abu8Cxm7u7ZnASgAHMCQAAAgQFtAMDAQA="}
-00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1614860229386481,"flow_dst_last_pkt_time":1614860229386479,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614860229386481,"pkt":"5kBKB+riApXG95NLCABFAAAoBQAAAIAGAAAKZQACCmYAAm9WAFCbu7tmm7vAslAQgAEU6QAAAAAAAAAA"}
-01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1614860229385965,"flow_src_last_pkt_time":1614860229386487,"flow_dst_last_pkt_time":1614860229386479,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":524,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":524,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614860229386487,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","proto_id":"7.99","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"www.aimini.com","http": {"url":"www.aimini.com\/webcounter\/w.php?___hm=.net_SignUp_&_lh_=http:\/\/www.aimini.net\/member\/signup\/&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17","detected_os":"Windows"}}}
-02092{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":48,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1614860229383219,"flow_src_last_pkt_time":1614860229387313,"flow_dst_last_pkt_time":1614860229385946,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4110,"flow_dst_tot_l4_payload_len":20912,"midstream":0,"thread_ts_usec":1614860229387313,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":220.0,"max":1148,"stddev":358.7,"var":128687.4,"ent":3.4,"data": [532,1116,414,1004,27,697,105,894,3,1,2,1,1,2,2,191,11,276,4,1,4,2,1,3,3,78,197,1,99,1148,1]},"pktlen": {"min":46,"avg":824.4,"max":1500,"stddev":690.0,"var":476082.3,"ent":4.4,"data": [48,48,48,48,46,635,46,635,1500,1500,1500,1500,1500,1500,1500,276,1500,1500,46,1500,1500,46,1500,1500,46,1500,276,46,46,46,1500,1500]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]},"directions": [0,0,1,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1,1,0,1,1,0,0,0,0,0],"entropies": [3.876627445,4.083755016,4.256327152,4.460499287,3.752108097,6.013849258,4.032184601,6.031517506,7.687114239,7.864995956,7.665461540,7.860690594,7.831142426,7.843841553,7.850586891,7.036180973,7.689830303,7.865575314,3.752107620,7.667116165,7.864095211,3.752107859,7.832858562,7.845948219,3.752108335,7.852002144,7.046712399,3.988705873,4.032184124,3.988706112,5.843052864,4.502032280]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","proto_id":"7.99","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614860229388780,"flow_src_last_pkt_time":1614860229388780,"flow_dst_last_pkt_time":1614860229388780,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614860229388780,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1614860229388780,"flow_dst_last_pkt_time":1614860229388780,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229388780,"pkt":"5kBKB+riApXG95NLCABFAAAwBREAAIAGAAAKZQACCmYAAm9XAFCbu+drAAAAAHACgAEU8QAAAgQFtAMDAQA="}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1614860229389055,"flow_dst_last_pkt_time":1614860229388780,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229389055,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBREAAH8GIekKZQACCmYAAm9XAFCbu+drAAAAAHACgAH8gAAAAgQFtAMDAQA="}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1614860229389055,"flow_dst_last_pkt_time":1614860229389059,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229389059,"pkt":"WgXZu6TVApXG95WRCABFAAAwBRkAAIAGAAAKZgACCmUAAgBQb1ebu+vKm7vnbHASgAEU8QAAAgQFtAMDAQA="}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1614860229389055,"flow_dst_last_pkt_time":1614860229389220,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229389220,"pkt":"ApXG95NL5kBKB+riCABFAAAwBRkAAH8GIeEKZgACCmUAAgBQb1ebu+vKm7vnbHASgAF06QAAAgQFtAMDAQA="}
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1614860229389221,"flow_dst_last_pkt_time":1614860229389220,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614860229389221,"pkt":"5kBKB+riApXG95NLCABFAAAoBRIAAIAGAAAKZQACCmYAAm9XAFCbu+dsm7vry1AQgAEU6QAAAAAAAAAA"}
-01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1614860229388780,"flow_src_last_pkt_time":1614860229389227,"flow_dst_last_pkt_time":1614860229389220,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":604,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":604,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614860229389227,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","proto_id":"7.99","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"www.aimini.net","http": {"url":"www.aimini.net\/search\/?q=pictures&sca=","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17","detected_os":"Windows"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614860229389866,"flow_src_last_pkt_time":1614860229389866,"flow_dst_last_pkt_time":1614860229389866,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614860229389866,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614860229389866,"flow_dst_last_pkt_time":1614860229389866,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229389866,"pkt":"5kBKB+riApXG95NLCABFAAAwBRcAAIAGAAAKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAEU8QAAAgQFtAMDAQA="}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1614860229390049,"flow_dst_last_pkt_time":1614860229389866,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229390049,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBRcAAH8GIeMKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAHrgAAAAgQFtAMDAQA="}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1614860229390049,"flow_dst_last_pkt_time":1614860229390052,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229390052,"pkt":"WgXZu6TVApXG95WRCABFAAAwBSIAAIAGAAAKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAEU8QAAAgQFtAMDAQA="}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1614860229390049,"flow_dst_last_pkt_time":1614860229390279,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614860229390279,"pkt":"ApXG95NL5kBKB+riCABFAAAwBSIAAH8GIdgKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAFUWwAAAgQFtAMDAQA="}
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1614860229390281,"flow_dst_last_pkt_time":1614860229390279,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614860229390281,"pkt":"5kBKB+riApXG95NLCABFAAAoBRgAAIAGAAAKZQACCmYAAm9YAFCbu\/hrm7v7WVAQgAEU6QAAAAAAAAAA"}
-01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1614860229389866,"flow_src_last_pkt_time":1614860229390287,"flow_dst_last_pkt_time":1614860229390279,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":542,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":542,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614860229390287,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","proto_id":"7.99","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"www.aimini.com","http": {"url":"www.aimini.com\/webcounter\/w.php?___hm=.net_Search_&_lh_=http:\/\/www.aimini.net\/search\/?q=pictures&sca=&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17","detected_os":"Windows"}}}
-00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":34,"flow_first_seen":1614860229383219,"flow_src_last_pkt_time":1614860229388340,"flow_dst_last_pkt_time":1614860229388416,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":34628,"flow_dst_tot_l4_payload_len":26086,"midstream":0,"thread_ts_usec":1614860229390930,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","proto_id":"7.99","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
-00952{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1614860229385965,"flow_src_last_pkt_time":1614860229388904,"flow_dst_last_pkt_time":1614860229388918,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":285,"flow_src_tot_l4_payload_len":2110,"flow_dst_tot_l4_payload_len":1084,"midstream":0,"thread_ts_usec":1614860229390930,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","proto_id":"7.99","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
-00955{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":18,"flow_first_seen":1614860229388780,"flow_src_last_pkt_time":1614860229389954,"flow_dst_last_pkt_time":1614860229390095,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":604,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1208,"flow_dst_tot_l4_payload_len":12360,"midstream":0,"thread_ts_usec":1614860229390930,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","proto_id":"7.99","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
-00950{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1614860229389866,"flow_src_last_pkt_time":1614860229390930,"flow_dst_last_pkt_time":1614860229390688,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":542,"flow_dst_max_l4_payload_len":285,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":570,"midstream":0,"thread_ts_usec":1614860229390930,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","proto_id":"7.99","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
-00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":139,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":79130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1614860229390930}
-~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 139/133
-~~ skipped flows.............: 0
-~~ total layer4 data length..: 79130 bytes
-~~ total detected protocols..: 4
-~~ total active/idle flows...: 4/4
-~~ total timeout flows.......: 0
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422209 bytes
-~~ total memory freed........: 6422209 bytes
-~~ total allocations/frees...: 122628/122628
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json string min len.......: 496 chars
-~~ json string max len.......: 2097 chars
-~~ json string avg len.......: 1295 chars
diff --git a/test/results/ajp.pcap.out b/test/results/ajp.pcap.out
index b5c0837d9..9788bc3a5 100644
--- a/test/results/ajp.pcap.out
+++ b/test/results/ajp.pcap.out
@@ -49,9 +49,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414300 bytes
-~~ total memory freed........: 6414300 bytes
-~~ total allocations/frees...: 122473/122473
+~~ total memory allocated....: 6419213 bytes
+~~ total memory freed........: 6419213 bytes
+~~ total allocations/frees...: 122483/122483
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 305 chars
 ~~ json string max len.......: 1475 chars
diff --git a/test/results/alexa-app.pcapng.out b/test/results/alexa-app.pcapng.out
index fd043c7a3..646a36818 100644
--- a/test/results/alexa-app.pcapng.out
+++ b/test/results/alexa-app.pcapng.out
@@ -1232,207 +1232,205 @@
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2911,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196075924,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976196075924,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoLWpAAEAG4tysECrYNu8csuLAAbtkEKeJW8DRcFAQAVdmrQAA"}
 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":3285032704,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1490976196079939,"pkt":"AMDKkaPvePiC0\/vCCABFAADWLWtAAEAG4i2sECrYNu8csuLAAbtkEKeJW8DRcFAYAVdgIgAAFgMBAKkBAAClAwEIvZt9+BC6Nupqw3rZKTOo5DVtg3EJn2TLxazoTB5EvSCh56jEaMWoPL9OuslqKXpycwU0yxHxmHJEb6cXK1MHCAAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
 01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196079939,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2928,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196143111,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976196143111,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoKCNAAOcGQSM27xyyrBAq2AG74sBbwNFwZBCoN1AQf\/rnWwAAAAAAAAAA"}
-01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2929,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196143271,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976196143271,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}}
-00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976071237623,"flow_src_last_pkt_time":1490976075957509,"flow_dst_last_pkt_time":1490976075955700,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":1346,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":1346,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}}
-01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976075975082,"flow_dst_last_pkt_time":1490976075957057,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3582,"flow_dst_tot_l4_payload_len":5044,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976075950122,"flow_dst_last_pkt_time":1490976075948173,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1231,"flow_dst_tot_l4_payload_len":3873,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976075957794,"flow_dst_last_pkt_time":1490976075955793,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":3630,"flow_dst_tot_l4_payload_len":1124,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01086{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":9,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976075949846,"flow_dst_last_pkt_time":1490976075948034,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":453,"flow_src_tot_l4_payload_len":6240,"flow_dst_tot_l4_payload_len":591,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976075957661,"flow_dst_last_pkt_time":1490976075955747,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":537,"flow_dst_tot_l4_payload_len":138,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01083{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976075957279,"flow_dst_last_pkt_time":1490976075955548,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":276,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976068180386,"flow_dst_last_pkt_time":1490976068174801,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7862,"flow_dst_tot_l4_payload_len":9710,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976064328375,"flow_src_last_pkt_time":1490976064897914,"flow_dst_last_pkt_time":1490976064895983,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":5083,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041151487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976031581495,"flow_src_last_pkt_time":1490976031581495,"flow_dst_last_pkt_time":1490976031687199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976043611721,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043811357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976093238253,"flow_src_last_pkt_time":1490976093238253,"flow_dst_last_pkt_time":1490976093355795,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":79,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":79,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041806940,"flow_src_last_pkt_time":1490976041806940,"flow_dst_last_pkt_time":1490976041938819,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976090796987,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090982120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041770147,"flow_src_last_pkt_time":1490976041770147,"flow_dst_last_pkt_time":1490976041866893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976035502440,"flow_src_last_pkt_time":1490976035502440,"flow_dst_last_pkt_time":1490976035549103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029184743,"flow_src_last_pkt_time":1490976029184743,"flow_dst_last_pkt_time":1490976029244910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00960{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976030681470,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030890027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029753315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196223999,"flow_dst_last_pkt_time":1490976196223999,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196223999,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_src_last_pkt_time":1490976196223999,"flow_dst_last_pkt_time":1490976196223999,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196223999,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Y0xAAEAG+qKsECrYNFXRj5ZTAbu3TOm6AAAAAKAC\/\/+mLwAAAgQFtAQCCAoA9or2AAAAAAEDAwg="}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2943,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196223999,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196257995,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7llOp3LO0t0zpu6AScSBd6wAAAgQFtAQCCApt5QucAPaK9gEDAwg="}
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2944,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196259088,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196259088,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y01AAEAG+qmsECrYNFXRj5ZTAbu3TOm7qdyztYAQAVf8fgAAAQEICgD2ivlt5Quc"}
-00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":3285032704,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":260,"pkt_l4_len":226,"thread_ts_usec":1490976196261315,"pkt":"AMDKkaPvePiC0\/vCCABFAAD2Y05AAEAG+easECrYNFXRj5ZTAbu3TOm7qdyztYAYAVe1MwAAAQEICgD2ivpt5QucFgMBAL0BAAC5AwOo7Axkb8GLUakvQG63Tsv7HZAz5uQ4F\/rfU5NRiOqOZwAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAZAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="}
-01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196261315,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2949,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196295914,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196295914,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0uBVAAPMG8uA0VdGPrBAq2AG7llOp3LO1t0zqfYAQAHb8mAAAAQEICm3lC6AA9or6"}
-01361{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2950,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196300973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196300973,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-01856{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2952,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196301692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":3462,"midstream":0,"thread_ts_usec":1490976196301692,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}}
-01983{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2970,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196473740,"flow_dst_last_pkt_time":1490976196515206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1277,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5359,"flow_dst_tot_l4_payload_len":12694,"midstream":0,"thread_ts_usec":1490976196515206,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":54,"avg":32922.3,"max":261773,"stddev":58822.9,"var":3460134400.0,"ent":3.5,"data": [16682,17944,1581,27330,5292,477,511,279,32463,293,12932,291,133,38969,52766,61918,541,272,54,35117,659,5109,216850,261773,199,39363,7450,74173,66612,42132,427]},"pktlen": {"min":52,"avg":617.0,"max":1500,"stddev":624.9,"var":390532.6,"ent":4.2,"data": [60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1329,1500,1500,756,86,52,52,1294,1294,848,86,52,1305,86,64,1500,1500]},"bins": {"c_to_s": [10,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0],"s_to_c": [2,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,0,0,0,0,1,1,0,0,1,0,1,1],"entropies": [4.672595501,5.227645397,4.979098797,5.733110428,5.038779736,7.056696892,7.289340973,7.487235546,7.581061363,5.056022644,5.056022644,5.056022167,5.017560482,6.267822742,7.174037933,7.836223602,7.860962391,7.884104729,7.725840569,5.789581299,4.948144436,4.933627605,7.835659504,7.836359024,7.744181633,5.795281410,4.926120281,7.845304489,5.818537712,4.911738873,7.873147964,7.870454311]}}
-01651{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2970,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196473740,"flow_dst_last_pkt_time":1490976196515206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1277,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5359,"flow_dst_tot_l4_payload_len":12694,"midstream":0,"thread_ts_usec":1490976196515206,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}}
-02429{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3187,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196651032,"flow_dst_last_pkt_time":1490976196769763,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":666,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1652,"flow_dst_tot_l4_payload_len":16510,"midstream":0,"thread_ts_usec":1490976196769763,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":67,"avg":31380.5,"max":241435,"stddev":57224.6,"var":3274655232.0,"ent":3.4,"data": [33996,35089,2227,37919,5059,483,236,42863,280,131,30800,68825,38426,227149,241435,50068,58385,55537,3754,2000,4418,1636,659,7796,67,79,9049,341,3084,756,10250]},"pktlen": {"min":52,"avg":620.4,"max":1500,"stddev":578.4,"var":334504.2,"ent":4.3,"data": [60,60,52,246,52,1500,1500,618,52,52,52,178,103,718,718,103,64,52,1096,427,256,815,905,441,1500,177,557,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.672595501,5.240227222,5.056022644,5.370272160,5.154164791,6.988568306,7.250431538,7.681571960,5.014835835,5.094483852,5.094484329,6.573484898,6.064765453,7.685264111,7.690067768,6.064765930,5.061889172,5.154164791,7.838786125,7.447540760,7.087004662,7.738961697,7.760296345,7.499400616,7.878207684,6.822522163,7.598652363,7.869508743,7.877407074,7.877415180,7.877339363,7.877696514]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196840676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196840676,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196840676,"flow_idle_time":200000000,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1490976196840676,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WmdAAEARM02sECrYrBAqAQqTADUAK8ZJ2BYBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="}
-01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196840676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196840676,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-01984{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3336,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196879161,"flow_dst_last_pkt_time":1490976196866304,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1285,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":9856,"midstream":0,"thread_ts_usec":1490976196879161,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":50,"avg":57253.4,"max":264056,"stddev":85984.0,"var":7393244160.0,"ent":3.6,"data": [22841,23998,943,22793,6583,564,615,276,39690,124,146,157,6771,37572,46160,226745,213104,3861,222252,264056,50,55344,103406,128,10396,183950,242536,953,71,38628,142]},"pktlen": {"min":52,"avg":532.2,"max":1500,"stddev":595.2,"var":354289.1,"ent":4.1,"data": [60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52]},"bins": {"c_to_s": [12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0],"s_to_c": [2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0],"entropies": [4.705928802,5.306893826,5.094483852,5.740943432,5.077241898,7.061615944,7.289163589,7.495290279,7.599352837,5.094483852,5.017560482,5.094483852,5.017560482,6.445491791,7.218114853,7.854625702,7.211663246,5.042434692,7.851956367,7.855620384,7.792708397,5.812836647,5.812836647,5.056022167,5.132945538,5.093139648,7.841275692,7.859713554,7.867431164,7.510861874,5.094483852,5.094483852]}}
-01650{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3336,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196879161,"flow_dst_last_pkt_time":1490976196866304,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1285,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":9856,"midstream":0,"thread_ts_usec":1490976196879161,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196938799,"flow_idle_time":200000000,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1490976196938799,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP7ApAAEARoZmsECoBrBAq2AA1CpMAO2jR2BaBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AARIFc55"}
-01070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196938799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976196938799,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.121"}}}
-00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976196942963,"flow_dst_last_pkt_time":1490976196942963,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196942963,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_src_last_pkt_time":1490976196942963,"flow_dst_last_pkt_time":1490976196942963,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196942963,"pkt":"AMDKkaPvePiC0\/vCCABFAAA85QlAAEAGaDusECrYSBXOebn1AbuZi243AAAAAKAC\/\/8K4AAAAgQFtAQCCAoA9os+AAAAAAEDAwg="}
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3353,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196942963,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976197023104,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSYFAAOcGXM9IFc55rBAq2AG7ufUB00CKmYtuOHASH\/5wwgAAAgQFtAEDAwY="}
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3354,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_src_last_pkt_time":1490976197024461,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976197024461,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo5QpAAEAGaE6sECrYSBXOebn1AbuZi244AdNAi1AQAVe7MwAA"}
-00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3355,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":4,"flow_src_last_pkt_time":1490976197026574,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":3285032704,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"thread_ts_usec":1490976197026574,"pkt":"AMDKkaPvePiC0\/vCCABFAAD15QtAAEAGZ4CsECrYSBXOebn1AbuZi244AdNAi1AYAVcK3wAAFgMBAMgBAADEAwPgpEwF\/Xat48+4W37drUaLhGz9wRo+dbZ872q4eXXW7QAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAe0pKAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIqqoAHQAXABgKCgABAA=="}
-01122{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3355,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197026574,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976197026574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3356,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":5,"flow_src_last_pkt_time":1490976197026574,"flow_dst_last_pkt_time":1490976197073735,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976197073735,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo8eNAANsGwHRIFc55rBAq2AG7ufUB00CLmYtuOFAQARy7bgAAAAAAAAAA"}
-00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197297649,"flow_dst_last_pkt_time":1490976197297649,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976197297649,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":1490976197297649,"flow_dst_last_pkt_time":1490976197297649,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976197297649,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8At9AAEAGSmasECrYSBXOebn2AbvarIm+AAAAAKAC\/\/+uEwAAAgQFtAQCCAoA9othAAAAAAEDAwg="}
-02004{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3359,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976195471370,"flow_dst_last_pkt_time":1490976197346218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":10437,"flow_dst_tot_l4_payload_len":5046,"midstream":0,"thread_ts_usec":1490976197346218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":32,"avg":614473.9,"max":7470598,"stddev":1477715.5,"var":2183643136000.0,"ent":2.8,"data": [168457,171158,1511,108893,4406,1671,697,112679,290,4146,167,6217,127,10389,13091,1079,255,290409,42,32,60,299358,743,529311,1065924,2114234,3665356,7470598,595200,595070,1817122]},"pktlen": {"min":40,"avg":526.2,"max":1500,"stddev":637.5,"var":406420.1,"ent":3.9,"data": [60,48,40,267,46,46,1500,1500,40,40,1500,655,40,40,166,1500,1424,360,46,46,91,46,40,1424,1424,1424,1424,40,46,1424,46,46]},"bins": {"c_to_s": [8,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,1],"entropies": [4.626680374,5.134761333,4.831686974,5.716956139,4.609350204,4.505982876,7.141723156,7.316176414,4.831687450,4.812815189,7.392494678,7.608505726,4.881687164,4.831687450,6.348018646,7.864303589,7.858262062,7.260771751,4.390829086,4.347350597,5.864610672,4.390829086,4.684184074,7.859017372,7.859235764,7.859332085,7.859507561,4.784183979,4.347350597,7.859881401,4.457920074,4.501398087]}}
-01598{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3359,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976195471370,"flow_dst_last_pkt_time":1490976197346218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":10437,"flow_dst_tot_l4_payload_len":5046,"midstream":0,"thread_ts_usec":1490976197346218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}}}
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3361,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_src_last_pkt_time":1490976197297649,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976197355099,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5DlAAOcGwhZIFc55rBAq2AG7ufYaDpo72qyJv3ASH\/6iLAAAAgQFtAEDAwY="}
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3362,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_src_last_pkt_time":1490976197356307,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976197356307,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuBAAEAGSnmsECrYSBXOebn2AbvarIm\/Gg6aPFAQAVfsnQAA"}
-00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3363,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":4,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":3285032704,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"thread_ts_usec":1490976197357234,"pkt":"AMDKkaPvePiC0\/vCCABFAAD1AuFAAEAGSausECrYSBXOebn2AbvarIm\/Gg6aPFAYAVf7IAAAFgMBAMgBAADEAwOvXx4qoD9hGvfdVqZ\/Da8Sic0\/mG13oBFGNV7wDdZlEgAAIKqqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAexoaAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABgqKgABAA=="}
-01122{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3363,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976197357234,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3365,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197305856,"flow_dst_last_pkt_time":1490976197363795,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976197363795,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1"}}}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3367,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197305856,"flow_dst_last_pkt_time":1490976197363937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976197363937,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3375,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":5,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197531809,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976197531809,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoFXlAANsGnN9IFc55rBAq2AG7ufYaDpo82qyJv1AQARzs2AAAAAAAAAAA"}
-01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197532482,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976197532482,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1"}}}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3379,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197532968,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976197532968,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}}
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041151487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177850302,"flow_dst_last_pkt_time":1490976177810169,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2159,"flow_dst_tot_l4_payload_len":4417,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976187290360,"flow_dst_last_pkt_time":1490976187287288,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5213,"flow_dst_tot_l4_payload_len":4294,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00912{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976177116910,"flow_src_last_pkt_time":1490976195547004,"flow_dst_last_pkt_time":1490976195546035,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00762{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976177116910,"flow_src_last_pkt_time":1490976195547004,"flow_dst_last_pkt_time":1490976195546035,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":17,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976187754826,"flow_dst_last_pkt_time":1490976187753096,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":8229,"flow_dst_tot_l4_payload_len":4566,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186790474,"flow_dst_last_pkt_time":1490976186758377,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":730,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1263,"flow_dst_tot_l4_payload_len":3889,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976134140538,"flow_src_last_pkt_time":1490976135403194,"flow_dst_last_pkt_time":1490976135399921,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13350,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00969{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":28,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976135403332,"flow_dst_last_pkt_time":1490976135399957,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":29863,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976134144040,"flow_src_last_pkt_time":1490976135402796,"flow_dst_last_pkt_time":1490976135399738,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12026,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134146057,"flow_src_last_pkt_time":1490976135403069,"flow_dst_last_pkt_time":1490976135399877,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13588,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00969{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1490976134148422,"flow_src_last_pkt_time":1490976135505174,"flow_dst_last_pkt_time":1490976135503730,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":14048,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134149854,"flow_src_last_pkt_time":1490976135403457,"flow_dst_last_pkt_time":1490976135399987,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":14238,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00969{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":24,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976140773289,"flow_dst_last_pkt_time":1490976140771277,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":27645,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976139643137,"flow_src_last_pkt_time":1490976140772766,"flow_dst_last_pkt_time":1490976140771030,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12275,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1490976139643338,"flow_src_last_pkt_time":1490976140745630,"flow_dst_last_pkt_time":1490976140742599,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":7666,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00969{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":25,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976140773163,"flow_dst_last_pkt_time":1490976140771210,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1094,"flow_dst_tot_l4_payload_len":29389,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976139643759,"flow_src_last_pkt_time":1490976140773012,"flow_dst_last_pkt_time":1490976140771162,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13312,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976139643974,"flow_src_last_pkt_time":1490976140781151,"flow_dst_last_pkt_time":1490976140771313,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":15274,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976023264023,"flow_src_last_pkt_time":1490976023264087,"flow_dst_last_pkt_time":1490976023264023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00903{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976055356710,"flow_src_last_pkt_time":1490976180796726,"flow_dst_last_pkt_time":1490976055356710,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976076275395,"flow_src_last_pkt_time":1490976077663527,"flow_dst_last_pkt_time":1490976077660439,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":1346,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":1346,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}}
-00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976190310465,"flow_dst_last_pkt_time":1490976190271131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1290,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5660,"flow_dst_tot_l4_payload_len":3521,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1490976089173728,"flow_src_last_pkt_time":1490976090510907,"flow_dst_last_pkt_time":1490976090509885,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
-00760{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1490976089173728,"flow_src_last_pkt_time":1490976090510907,"flow_dst_last_pkt_time":1490976090509885,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":14,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976197347611,"flow_dst_last_pkt_time":1490976197346218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":10437,"flow_dst_tot_l4_payload_len":5046,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976089426961,"flow_src_last_pkt_time":1490976094931401,"flow_dst_last_pkt_time":1490976094927120,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":996,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":996,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}}
-00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1490976107365068,"flow_src_last_pkt_time":1490976110047519,"flow_dst_last_pkt_time":1490976110045369,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2227,"flow_dst_tot_l4_payload_len":4657,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1490976107365814,"flow_src_last_pkt_time":1490976110047239,"flow_dst_last_pkt_time":1490976110045297,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5131,"flow_dst_tot_l4_payload_len":7946,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00912{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976107366817,"flow_src_last_pkt_time":1490976110047667,"flow_dst_last_pkt_time":1490976110045422,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00762{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976107366817,"flow_src_last_pkt_time":1490976110047667,"flow_dst_last_pkt_time":1490976110045422,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01091{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":51,"flow_first_seen":1490976107455953,"flow_src_last_pkt_time":1490976110047390,"flow_dst_last_pkt_time":1490976110045339,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2227,"flow_dst_tot_l4_payload_len":29204,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":16,"flow_first_seen":1490976130073503,"flow_src_last_pkt_time":1490976134134838,"flow_dst_last_pkt_time":1490976134133657,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":6582,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1490976136930982,"flow_src_last_pkt_time":1490976140745901,"flow_dst_last_pkt_time":1490976140742729,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":6666,"flow_dst_tot_l4_payload_len":7020,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976142629437,"flow_src_last_pkt_time":1490976148981070,"flow_dst_last_pkt_time":1490976148979222,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1093,"flow_src_tot_l4_payload_len":2226,"flow_dst_tot_l4_payload_len":1369,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976027514649,"flow_src_last_pkt_time":1490976027514649,"flow_dst_last_pkt_time":1490976027560355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":79,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":79,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976115835926,"flow_src_last_pkt_time":1490976115835926,"flow_dst_last_pkt_time":1490976115901902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01186{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1490976076042813,"flow_src_last_pkt_time":1490976177233444,"flow_dst_last_pkt_time":1490976177226996,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":197,"flow_src_tot_l4_payload_len":3159,"flow_dst_tot_l4_payload_len":335,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976198168546,"flow_dst_last_pkt_time":1490976197926507,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5683,"flow_dst_tot_l4_payload_len":5368,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197930547,"flow_dst_last_pkt_time":1490976198043253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3545,"flow_dst_tot_l4_payload_len":5491,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976071392707,"flow_src_last_pkt_time":1490976176431262,"flow_dst_last_pkt_time":1490976176430015,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1130,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1650,"flow_dst_tot_l4_payload_len":4006,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976031581495,"flow_src_last_pkt_time":1490976031581495,"flow_dst_last_pkt_time":1490976031687199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976023267639,"flow_src_last_pkt_time":1490976023267639,"flow_dst_last_pkt_time":1490976023267639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976107217569,"flow_src_last_pkt_time":1490976107217569,"flow_dst_last_pkt_time":1490976107359299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":57,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196942726,"flow_dst_last_pkt_time":1490976196941054,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2884,"flow_dst_tot_l4_payload_len":11054,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_src_packets_processed":174,"flow_dst_packets_processed":176,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976198040623,"flow_dst_last_pkt_time":1490976198038274,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1290,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9183,"flow_dst_tot_l4_payload_len":239517,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":15,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196943705,"flow_dst_last_pkt_time":1490976196942501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1285,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":10312,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976177026053,"flow_src_last_pkt_time":1490976177026053,"flow_dst_last_pkt_time":1490976177105350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976027724821,"flow_src_last_pkt_time":1490976027724821,"flow_dst_last_pkt_time":1490976027725831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024847601,"flow_src_last_pkt_time":1490976024847601,"flow_dst_last_pkt_time":1490976024848551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976043611721,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043811357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":34,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976198776068,"flow_dst_last_pkt_time":1490976198721541,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":11109,"flow_dst_tot_l4_payload_len":23639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":24,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976098828477,"flow_dst_last_pkt_time":1490976098827474,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":16338,"flow_dst_tot_l4_payload_len":5015,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01086{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":9,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976088478616,"flow_dst_last_pkt_time":1490976088474318,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":3641,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01086{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976088478745,"flow_dst_last_pkt_time":1490976088474363,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":549,"flow_src_tot_l4_payload_len":1908,"flow_dst_tot_l4_payload_len":687,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00911{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976085884523,"flow_src_last_pkt_time":1490976088478345,"flow_dst_last_pkt_time":1490976088474183,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00761{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976085884523,"flow_src_last_pkt_time":1490976088478345,"flow_dst_last_pkt_time":1490976088474183,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01085{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976094930868,"flow_dst_last_pkt_time":1490976094926813,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":23,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976098828773,"flow_dst_last_pkt_time":1490976098827615,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":11639,"flow_dst_tot_l4_payload_len":7245,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":11,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976110046973,"flow_dst_last_pkt_time":1490976110045165,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":901,"flow_src_tot_l4_payload_len":10414,"flow_dst_tot_l4_payload_len":1844,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":18,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976094931279,"flow_dst_last_pkt_time":1490976094927090,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":9904,"flow_dst_tot_l4_payload_len":2867,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976107676457,"flow_dst_last_pkt_time":1490976107673300,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":645,"flow_src_tot_l4_payload_len":6604,"flow_dst_tot_l4_payload_len":1412,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":11,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976111839243,"flow_dst_last_pkt_time":1490976111837462,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":9374,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976117017810,"flow_dst_last_pkt_time":1490976117015060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":3384,"flow_dst_tot_l4_payload_len":655,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976116921018,"flow_dst_last_pkt_time":1490976116919339,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":2020,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976117017178,"flow_dst_last_pkt_time":1490976117015012,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1093,"flow_src_tot_l4_payload_len":3384,"flow_dst_tot_l4_payload_len":1231,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976117016896,"flow_dst_last_pkt_time":1490976117014871,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":1972,"flow_dst_tot_l4_payload_len":639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976120960098,"flow_dst_last_pkt_time":1490976120957858,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":4892,"flow_dst_tot_l4_payload_len":639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1490976030894150,"flow_src_last_pkt_time":1490976194743282,"flow_dst_last_pkt_time":1490976194740400,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":9283,"flow_dst_tot_l4_payload_len":4582,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976164211909,"flow_dst_last_pkt_time":1490976164210095,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":1694,"flow_dst_tot_l4_payload_len":1268,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976164214328,"flow_dst_last_pkt_time":1490976164210237,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":485,"flow_src_tot_l4_payload_len":2190,"flow_dst_tot_l4_payload_len":623,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976114879774,"flow_src_last_pkt_time":1490976114879774,"flow_dst_last_pkt_time":1490976114880618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976175920517,"flow_dst_last_pkt_time":1490976175918861,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":805,"flow_src_tot_l4_payload_len":1940,"flow_dst_tot_l4_payload_len":943,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976186818047,"flow_src_last_pkt_time":1490976186818047,"flow_dst_last_pkt_time":1490976186879188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976071312877,"flow_src_last_pkt_time":1490976071312877,"flow_dst_last_pkt_time":1490976071389601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195921499,"flow_src_last_pkt_time":1490976195921499,"flow_dst_last_pkt_time":1490976195980743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":155,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":155,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976187242775,"flow_src_last_pkt_time":1490976187242775,"flow_dst_last_pkt_time":1490976187508361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00770{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976030370083,"flow_dst_last_pkt_time":1490976171313736,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":588,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":4079,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01186{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976165062082,"flow_src_last_pkt_time":1490976175921125,"flow_dst_last_pkt_time":1490976175918995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1290,"flow_dst_max_l4_payload_len":197,"flow_src_tot_l4_payload_len":2813,"flow_dst_tot_l4_payload_len":532,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976164994460,"flow_src_last_pkt_time":1490976164994460,"flow_dst_last_pkt_time":1490976165058589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195484942,"flow_src_last_pkt_time":1490976195484942,"flow_dst_last_pkt_time":1490976195524157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196938799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976093238253,"flow_src_last_pkt_time":1490976093238253,"flow_dst_last_pkt_time":1490976093355795,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":79,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":79,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1490976115905314,"flow_src_last_pkt_time":1490976120950142,"flow_dst_last_pkt_time":1490976120949042,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":9842,"flow_dst_tot_l4_payload_len":946,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00912{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976116084560,"flow_src_last_pkt_time":1490976117005965,"flow_dst_last_pkt_time":1490976117004804,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00762{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976116084560,"flow_src_last_pkt_time":1490976117005965,"flow_dst_last_pkt_time":1490976117004804,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196282103,"flow_dst_last_pkt_time":1490976196280788,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":490,"flow_dst_max_l4_payload_len":597,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":735,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01108{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976071076849,"flow_dst_last_pkt_time":1490976168824692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3760,"flow_dst_tot_l4_payload_len":23045,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976133936541,"flow_src_last_pkt_time":1490976133936541,"flow_dst_last_pkt_time":1490976134135541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195989130,"flow_dst_last_pkt_time":1490976195979036,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1840,"flow_dst_tot_l4_payload_len":4742,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976094931678,"flow_dst_last_pkt_time":1490976094927244,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":700,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":1041,"flow_dst_tot_l4_payload_len":4216,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00910{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976091048429,"flow_src_last_pkt_time":1490976094931528,"flow_dst_last_pkt_time":1490976094927214,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00760{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976091048429,"flow_src_last_pkt_time":1490976094931528,"flow_dst_last_pkt_time":1490976094927214,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00774{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976107676181,"flow_dst_last_pkt_time":1490976107673171,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":1071,"flow_dst_tot_l4_payload_len":4247,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041806940,"flow_src_last_pkt_time":1490976041806940,"flow_dst_last_pkt_time":1490976041938819,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976090796987,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090982120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041770147,"flow_src_last_pkt_time":1490976041770147,"flow_dst_last_pkt_time":1490976041866893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976027733585,"flow_src_last_pkt_time":1490976027826378,"flow_dst_last_pkt_time":1490976027824538,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":83,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":83,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}}
-00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976035502440,"flow_src_last_pkt_time":1490976035502440,"flow_dst_last_pkt_time":1490976035549103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029184743,"flow_src_last_pkt_time":1490976029184743,"flow_dst_last_pkt_time":1490976029244910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196880268,"flow_dst_last_pkt_time":1490976196870225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":666,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1652,"flow_dst_tot_l4_payload_len":23158,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976024857901,"flow_src_last_pkt_time":1490976024994180,"flow_dst_last_pkt_time":1490976024992071,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":83,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":83,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}}
-00948{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041428918,"flow_src_last_pkt_time":1490976168813075,"flow_dst_last_pkt_time":1490976041428918,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
-00763{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041428918,"flow_src_last_pkt_time":1490976168813075,"flow_dst_last_pkt_time":1490976041428918,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00948{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041680864,"flow_src_last_pkt_time":1490976168960939,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
-00763{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041680864,"flow_src_last_pkt_time":1490976168960939,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976030681470,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030890027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00948{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1490976085883325,"flow_src_last_pkt_time":1490976149040436,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
-00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1490976085883325,"flow_src_last_pkt_time":1490976149040436,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00974{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976082723840,"flow_src_last_pkt_time":1490976084872619,"flow_dst_last_pkt_time":1490976084868918,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":4313,"flow_dst_tot_l4_payload_len":707,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00911{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976082964100,"flow_src_last_pkt_time":1490976084873178,"flow_dst_last_pkt_time":1490976084869056,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00761{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976082964100,"flow_src_last_pkt_time":1490976084873178,"flow_dst_last_pkt_time":1490976084869056,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976090572590,"flow_src_last_pkt_time":1490976094931147,"flow_dst_last_pkt_time":1490976094927057,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":11915,"flow_dst_tot_l4_payload_len":551,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00912{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1490976100559988,"flow_src_last_pkt_time":1490976107681564,"flow_dst_last_pkt_time":1490976107679608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00762{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1490976100559988,"flow_src_last_pkt_time":1490976107681564,"flow_dst_last_pkt_time":1490976107679608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1490976100811415,"flow_src_last_pkt_time":1490976107676587,"flow_dst_last_pkt_time":1490976107673906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":6872,"flow_dst_tot_l4_payload_len":551,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-01107{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":19,"flow_first_seen":1490976093358419,"flow_src_last_pkt_time":1490976194991511,"flow_dst_last_pkt_time":1490976194990539,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3186,"flow_dst_tot_l4_payload_len":4131,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024793542,"flow_src_last_pkt_time":1490976024793542,"flow_dst_last_pkt_time":1490976024844591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976027522377,"flow_src_last_pkt_time":1490976027522377,"flow_dst_last_pkt_time":1490976027523403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976067916709,"flow_src_last_pkt_time":1490976067916709,"flow_dst_last_pkt_time":1490976067965373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00946{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976085891455,"flow_src_last_pkt_time":1490976085891455,"flow_dst_last_pkt_time":1490976085978559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
-00761{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976085891455,"flow_src_last_pkt_time":1490976085891455,"flow_dst_last_pkt_time":1490976085978559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1490976027567694,"flow_src_last_pkt_time":1490976028006787,"flow_dst_last_pkt_time":1490976027999334,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":936,"flow_dst_tot_l4_payload_len":501,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976064333083,"flow_src_last_pkt_time":1490976064333083,"flow_dst_last_pkt_time":1490976064448088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01107{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":20,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976152630776,"flow_dst_last_pkt_time":1490976152042248,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5474,"flow_dst_tot_l4_payload_len":6876,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195545666,"flow_src_last_pkt_time":1490976195545666,"flow_dst_last_pkt_time":1490976195628315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","proto_id":"5.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00774{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976081484636,"flow_dst_last_pkt_time":1490976081482994,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2154,"flow_dst_tot_l4_payload_len":5486,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029753315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00584{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":3435,"packets-processed":3406,"total-skipped-flows":0,"total-l4-payload-len":1226087,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":151,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1424,"global_ts_usec":1490976198776068}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2924,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196143111,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976196143111,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoKCNAAOcGQSM27xyyrBAq2AG74sBbwNFwZBCoN1AQf\/rnWwAAAAAAAAAA"}
+01333{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2925,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196143271,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976196143271,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}}
+00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976071237623,"flow_src_last_pkt_time":1490976075957509,"flow_dst_last_pkt_time":1490976075955700,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":1346,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":1346,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}}
+01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976075975082,"flow_dst_last_pkt_time":1490976075957057,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3582,"flow_dst_tot_l4_payload_len":5044,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976075950122,"flow_dst_last_pkt_time":1490976075948173,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1231,"flow_dst_tot_l4_payload_len":3873,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976075957794,"flow_dst_last_pkt_time":1490976075955793,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":3630,"flow_dst_tot_l4_payload_len":1124,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01086{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":9,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976075949846,"flow_dst_last_pkt_time":1490976075948034,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":453,"flow_src_tot_l4_payload_len":6240,"flow_dst_tot_l4_payload_len":591,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976075957661,"flow_dst_last_pkt_time":1490976075955747,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":537,"flow_dst_tot_l4_payload_len":138,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01083{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976075957279,"flow_dst_last_pkt_time":1490976075955548,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":276,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976068180386,"flow_dst_last_pkt_time":1490976068174801,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7862,"flow_dst_tot_l4_payload_len":9710,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976064328375,"flow_src_last_pkt_time":1490976064897914,"flow_dst_last_pkt_time":1490976064895983,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":5083,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041151487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976031581495,"flow_src_last_pkt_time":1490976031581495,"flow_dst_last_pkt_time":1490976031687199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976043611721,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043811357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976093238253,"flow_src_last_pkt_time":1490976093238253,"flow_dst_last_pkt_time":1490976093355795,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":79,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":79,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041806940,"flow_src_last_pkt_time":1490976041806940,"flow_dst_last_pkt_time":1490976041938819,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976090796987,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090982120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041770147,"flow_src_last_pkt_time":1490976041770147,"flow_dst_last_pkt_time":1490976041866893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976035502440,"flow_src_last_pkt_time":1490976035502440,"flow_dst_last_pkt_time":1490976035549103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029184743,"flow_src_last_pkt_time":1490976029184743,"flow_dst_last_pkt_time":1490976029244910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00960{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976030681470,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030890027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2931,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029753315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196223999,"flow_dst_last_pkt_time":1490976196223999,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196223999,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_src_last_pkt_time":1490976196223999,"flow_dst_last_pkt_time":1490976196223999,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196223999,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Y0xAAEAG+qKsECrYNFXRj5ZTAbu3TOm6AAAAAKAC\/\/+mLwAAAgQFtAQCCAoA9or2AAAAAAEDAwg="}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2938,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196223999,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196257995,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7llOp3LO0t0zpu6AScSBd6wAAAgQFtAQCCApt5QucAPaK9gEDAwg="}
+00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2939,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_src_last_pkt_time":1490976196259088,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196259088,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y01AAEAG+qmsECrYNFXRj5ZTAbu3TOm7qdyztYAQAVf8fgAAAQEICgD2ivlt5Quc"}
+00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":4,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":3285032704,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":260,"pkt_l4_len":226,"thread_ts_usec":1490976196261315,"pkt":"AMDKkaPvePiC0\/vCCABFAAD2Y05AAEAG+easECrYNFXRj5ZTAbu3TOm7qdyztYAYAVe1MwAAAQEICgD2ivpt5QucFgMBAL0BAAC5AwOo7Axkb8GLUakvQG63Tsv7HZAz5uQ4F\/rfU5NRiOqOZwAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAZAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="}
+01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196257995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196261315,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2944,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196295914,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976196295914,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0uBVAAPMG8uA0VdGPrBAq2AG7llOp3LO1t0zqfYAQAHb8mAAAAQEICm3lC6AA9or6"}
+01361{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196300973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1490976196300973,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
+01856{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2947,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196261315,"flow_dst_last_pkt_time":1490976196301692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":3462,"midstream":0,"thread_ts_usec":1490976196301692,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}}
+02429{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2981,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196651032,"flow_dst_last_pkt_time":1490976196769763,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":666,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1652,"flow_dst_tot_l4_payload_len":16510,"midstream":0,"thread_ts_usec":1490976196769763,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":67,"avg":31380.5,"max":241435,"stddev":57224.6,"var":3274655232.0,"ent":3.4,"data": [33996,35089,2227,37919,5059,483,236,42863,280,131,30800,68825,38426,227149,241435,50068,58385,55537,3754,2000,4418,1636,659,7796,67,79,9049,341,3084,756,10250]},"pktlen": {"min":52,"avg":620.4,"max":1500,"stddev":578.4,"var":334504.2,"ent":4.3,"data": [60,60,52,246,52,1500,1500,618,52,52,52,178,103,718,718,103,64,52,1096,427,256,815,905,441,1500,177,557,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.672595501,5.240227222,5.056022644,5.370272160,5.154164791,6.988568306,7.250431538,7.681571960,5.014835835,5.094483852,5.094484329,6.573484898,6.064765453,7.685264111,7.690067768,6.064765930,5.061889172,5.154164791,7.838786125,7.447540760,7.087004662,7.738961697,7.760296345,7.499400616,7.878207684,6.822522163,7.598652363,7.869508743,7.877407074,7.877415180,7.877339363,7.877696514]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2990,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196840676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196840676,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2990,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196840676,"flow_idle_time":200000000,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1490976196840676,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WmdAAEARM02sECrYrBAqAQqTADUAK8ZJ2BYBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="}
+01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2990,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196840676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196840676,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+01984{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3021,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196879161,"flow_dst_last_pkt_time":1490976196866304,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1285,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":9856,"midstream":0,"thread_ts_usec":1490976196879161,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":50,"avg":57253.4,"max":264056,"stddev":85984.0,"var":7393244160.0,"ent":3.6,"data": [22841,23998,943,22793,6583,564,615,276,39690,124,146,157,6771,37572,46160,226745,213104,3861,222252,264056,50,55344,103406,128,10396,183950,242536,953,71,38628,142]},"pktlen": {"min":52,"avg":532.2,"max":1500,"stddev":595.2,"var":354289.1,"ent":4.1,"data": [60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52]},"bins": {"c_to_s": [12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0],"s_to_c": [2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0],"entropies": [4.705928802,5.306893826,5.094483852,5.740943432,5.077241898,7.061615944,7.289163589,7.495290279,7.599352837,5.094483852,5.017560482,5.094483852,5.017560482,6.445491791,7.218114853,7.854625702,7.211663246,5.042434692,7.851956367,7.855620384,7.792708397,5.812836647,5.812836647,5.056022167,5.132945538,5.093139648,7.841275692,7.859713554,7.867431164,7.510861874,5.094483852,5.094483852]}}
+01650{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3021,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196879161,"flow_dst_last_pkt_time":1490976196866304,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1285,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":9856,"midstream":0,"thread_ts_usec":1490976196879161,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"images-na.ssl-images-amazon.com","tls": {"version":"TLSv1.2","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3027,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196938799,"flow_idle_time":200000000,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1490976196938799,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP7ApAAEARoZmsECoBrBAq2AA1CpMAO2jR2BaBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AARIFc55"}
+01070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3027,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196938799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976196938799,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.121"}}}
+00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3031,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976196942963,"flow_dst_last_pkt_time":1490976196942963,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196942963,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3031,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_src_last_pkt_time":1490976196942963,"flow_dst_last_pkt_time":1490976196942963,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976196942963,"pkt":"AMDKkaPvePiC0\/vCCABFAAA85QlAAEAGaDusECrYSBXOebn1AbuZi243AAAAAKAC\/\/8K4AAAAgQFtAQCCAoA9os+AAAAAAEDAwg="}
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3033,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_src_last_pkt_time":1490976196942963,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976197023104,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSYFAAOcGXM9IFc55rBAq2AG7ufUB00CKmYtuOHASH\/5wwgAAAgQFtAEDAwY="}
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3034,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_src_last_pkt_time":1490976197024461,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976197024461,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo5QpAAEAGaE6sECrYSBXOebn1AbuZi244AdNAi1AQAVe7MwAA"}
+00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3035,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":4,"flow_src_last_pkt_time":1490976197026574,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":3285032704,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"thread_ts_usec":1490976197026574,"pkt":"AMDKkaPvePiC0\/vCCABFAAD15QtAAEAGZ4CsECrYSBXOebn1AbuZi244AdNAi1AYAVcK3wAAFgMBAMgBAADEAwPgpEwF\/Xat48+4W37drUaLhGz9wRo+dbZ872q4eXXW7QAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAe0pKAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIqqoAHQAXABgKCgABAA=="}
+01122{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3035,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197026574,"flow_dst_last_pkt_time":1490976197023104,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976197026574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3036,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":5,"flow_src_last_pkt_time":1490976197026574,"flow_dst_last_pkt_time":1490976197073735,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976197073735,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo8eNAANsGwHRIFc55rBAq2AG7ufUB00CLmYtuOFAQARy7bgAAAAAAAAAA"}
+00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3037,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197297649,"flow_dst_last_pkt_time":1490976197297649,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976197297649,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3037,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":1490976197297649,"flow_dst_last_pkt_time":1490976197297649,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976197297649,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8At9AAEAGSmasECrYSBXOebn2AbvarIm+AAAAAKAC\/\/+uEwAAAgQFtAQCCAoA9othAAAAAAEDAwg="}
+02004{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976195471370,"flow_dst_last_pkt_time":1490976197346218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":10437,"flow_dst_tot_l4_payload_len":5046,"midstream":0,"thread_ts_usec":1490976197346218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":32,"avg":614473.9,"max":7470598,"stddev":1477715.5,"var":2183643136000.0,"ent":2.8,"data": [168457,171158,1511,108893,4406,1671,697,112679,290,4146,167,6217,127,10389,13091,1079,255,290409,42,32,60,299358,743,529311,1065924,2114234,3665356,7470598,595200,595070,1817122]},"pktlen": {"min":40,"avg":526.2,"max":1500,"stddev":637.5,"var":406420.1,"ent":3.9,"data": [60,48,40,267,46,46,1500,1500,40,40,1500,655,40,40,166,1500,1424,360,46,46,91,46,40,1424,1424,1424,1424,40,46,1424,46,46]},"bins": {"c_to_s": [8,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,1],"entropies": [4.626680374,5.134761333,4.831686974,5.716956139,4.609350204,4.505982876,7.141723156,7.316176414,4.831687450,4.812815189,7.392494678,7.608505726,4.881687164,4.831687450,6.348018646,7.864303589,7.858262062,7.260771751,4.390829086,4.347350597,5.864610672,4.390829086,4.684184074,7.859017372,7.859235764,7.859332085,7.859507561,4.784183979,4.347350597,7.859881401,4.457920074,4.501398087]}}
+01598{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976195471370,"flow_dst_last_pkt_time":1490976197346218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":10437,"flow_dst_tot_l4_payload_len":5046,"midstream":0,"thread_ts_usec":1490976197346218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}}}
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3041,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_src_last_pkt_time":1490976197297649,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976197355099,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5DlAAOcGwhZIFc55rBAq2AG7ufYaDpo72qyJv3ASH\/6iLAAAAgQFtAEDAwY="}
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3042,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_src_last_pkt_time":1490976197356307,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976197356307,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuBAAEAGSnmsECrYSBXOebn2AbvarIm\/Gg6aPFAQAVfsnQAA"}
+00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3043,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":4,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":3285032704,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"thread_ts_usec":1490976197357234,"pkt":"AMDKkaPvePiC0\/vCCABFAAD1AuFAAEAGSausECrYSBXOebn2AbvarIm\/Gg6aPFAYAVf7IAAAFgMBAMgBAADEAwOvXx4qoD9hGvfdVqZ\/Da8Sic0\/mG13oBFGNV7wDdZlEgAAIKqqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAexoaAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABgqKgABAA=="}
+01122{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3043,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197355099,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976197357234,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3045,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197305856,"flow_dst_last_pkt_time":1490976197363795,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976197363795,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1"}}}
+01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3047,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976197305856,"flow_dst_last_pkt_time":1490976197363937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976197363937,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3055,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":5,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197531809,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976197531809,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoFXlAANsGnN9IFc55rBAq2AG7ufYaDpo82qyJv1AQARzs2AAAAAAAAAAA"}
+01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197532482,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976197532482,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1"}}}
+01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3059,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197357234,"flow_dst_last_pkt_time":1490976197532968,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976197532968,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041151487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177850302,"flow_dst_last_pkt_time":1490976177810169,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2159,"flow_dst_tot_l4_payload_len":4417,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976187290360,"flow_dst_last_pkt_time":1490976187287288,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5213,"flow_dst_tot_l4_payload_len":4294,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00912{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976177116910,"flow_src_last_pkt_time":1490976195547004,"flow_dst_last_pkt_time":1490976195546035,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00762{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976177116910,"flow_src_last_pkt_time":1490976195547004,"flow_dst_last_pkt_time":1490976195546035,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":17,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976187754826,"flow_dst_last_pkt_time":1490976187753096,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":8229,"flow_dst_tot_l4_payload_len":4566,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186790474,"flow_dst_last_pkt_time":1490976186758377,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":730,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1263,"flow_dst_tot_l4_payload_len":3889,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976134140538,"flow_src_last_pkt_time":1490976135403194,"flow_dst_last_pkt_time":1490976135399921,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13350,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00969{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":28,"flow_first_seen":1490976134141916,"flow_src_last_pkt_time":1490976135403332,"flow_dst_last_pkt_time":1490976135399957,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":29863,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976134144040,"flow_src_last_pkt_time":1490976135402796,"flow_dst_last_pkt_time":1490976135399738,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12026,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134146057,"flow_src_last_pkt_time":1490976135403069,"flow_dst_last_pkt_time":1490976135399877,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13588,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00969{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1490976134148422,"flow_src_last_pkt_time":1490976135505174,"flow_dst_last_pkt_time":1490976135503730,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":14048,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976134149854,"flow_src_last_pkt_time":1490976135403457,"flow_dst_last_pkt_time":1490976135399987,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":14238,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00969{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":24,"flow_first_seen":1490976139642766,"flow_src_last_pkt_time":1490976140773289,"flow_dst_last_pkt_time":1490976140771277,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1641,"flow_dst_tot_l4_payload_len":27645,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976139643137,"flow_src_last_pkt_time":1490976140772766,"flow_dst_last_pkt_time":1490976140771030,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":12275,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1490976139643338,"flow_src_last_pkt_time":1490976140745630,"flow_dst_last_pkt_time":1490976140742599,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":7666,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00969{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":25,"flow_first_seen":1490976139643559,"flow_src_last_pkt_time":1490976140773163,"flow_dst_last_pkt_time":1490976140771210,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1094,"flow_dst_tot_l4_payload_len":29389,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976139643759,"flow_src_last_pkt_time":1490976140773012,"flow_dst_last_pkt_time":1490976140771162,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":13312,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976139643974,"flow_src_last_pkt_time":1490976140781151,"flow_dst_last_pkt_time":1490976140771313,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":15274,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","proto_id":"7.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976023264023,"flow_src_last_pkt_time":1490976023264087,"flow_dst_last_pkt_time":1490976023264023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00903{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976055356710,"flow_src_last_pkt_time":1490976180796726,"flow_dst_last_pkt_time":1490976055356710,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976076275395,"flow_src_last_pkt_time":1490976077663527,"flow_dst_last_pkt_time":1490976077660439,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":1346,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":1346,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}}
+00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976190310465,"flow_dst_last_pkt_time":1490976190271131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1290,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5660,"flow_dst_tot_l4_payload_len":3521,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1490976089173728,"flow_src_last_pkt_time":1490976090510907,"flow_dst_last_pkt_time":1490976090509885,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00760{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1490976089173728,"flow_src_last_pkt_time":1490976090510907,"flow_dst_last_pkt_time":1490976090509885,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":14,"flow_first_seen":1490976186884448,"flow_src_last_pkt_time":1490976197347611,"flow_dst_last_pkt_time":1490976197346218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":10437,"flow_dst_tot_l4_payload_len":5046,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976089426961,"flow_src_last_pkt_time":1490976094931401,"flow_dst_last_pkt_time":1490976094927120,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":996,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":996,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}}
+00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1490976107365068,"flow_src_last_pkt_time":1490976110047519,"flow_dst_last_pkt_time":1490976110045369,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2227,"flow_dst_tot_l4_payload_len":4657,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1490976107365814,"flow_src_last_pkt_time":1490976110047239,"flow_dst_last_pkt_time":1490976110045297,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5131,"flow_dst_tot_l4_payload_len":7946,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00912{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976107366817,"flow_src_last_pkt_time":1490976110047667,"flow_dst_last_pkt_time":1490976110045422,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00762{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976107366817,"flow_src_last_pkt_time":1490976110047667,"flow_dst_last_pkt_time":1490976110045422,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01091{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":51,"flow_first_seen":1490976107455953,"flow_src_last_pkt_time":1490976110047390,"flow_dst_last_pkt_time":1490976110045339,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2227,"flow_dst_tot_l4_payload_len":29204,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":16,"flow_first_seen":1490976130073503,"flow_src_last_pkt_time":1490976134134838,"flow_dst_last_pkt_time":1490976134133657,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":6582,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1490976136930982,"flow_src_last_pkt_time":1490976140745901,"flow_dst_last_pkt_time":1490976140742729,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":6666,"flow_dst_tot_l4_payload_len":7020,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976142629437,"flow_src_last_pkt_time":1490976148981070,"flow_dst_last_pkt_time":1490976148979222,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1093,"flow_src_tot_l4_payload_len":2226,"flow_dst_tot_l4_payload_len":1369,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976027514649,"flow_src_last_pkt_time":1490976027514649,"flow_dst_last_pkt_time":1490976027560355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":79,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":79,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976115835926,"flow_src_last_pkt_time":1490976115835926,"flow_dst_last_pkt_time":1490976115901902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01186{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1490976076042813,"flow_src_last_pkt_time":1490976177233444,"flow_dst_last_pkt_time":1490976177226996,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":197,"flow_src_tot_l4_payload_len":3159,"flow_dst_tot_l4_payload_len":335,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1490976196942963,"flow_src_last_pkt_time":1490976198168546,"flow_dst_last_pkt_time":1490976197926507,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5683,"flow_dst_tot_l4_payload_len":5368,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1490976197297649,"flow_src_last_pkt_time":1490976197930547,"flow_dst_last_pkt_time":1490976198043253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3545,"flow_dst_tot_l4_payload_len":5491,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976071392707,"flow_src_last_pkt_time":1490976176431262,"flow_dst_last_pkt_time":1490976176430015,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1130,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1650,"flow_dst_tot_l4_payload_len":4006,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976031581495,"flow_src_last_pkt_time":1490976031581495,"flow_dst_last_pkt_time":1490976031687199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976023267639,"flow_src_last_pkt_time":1490976023267639,"flow_dst_last_pkt_time":1490976023267639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976107217569,"flow_src_last_pkt_time":1490976107217569,"flow_dst_last_pkt_time":1490976107359299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":57,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976195983393,"flow_src_last_pkt_time":1490976196942726,"flow_dst_last_pkt_time":1490976196941054,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2884,"flow_dst_tot_l4_payload_len":11054,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1490976195984177,"flow_src_last_pkt_time":1490976196102580,"flow_dst_last_pkt_time":1490976196136176,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1277,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1622,"flow_dst_tot_l4_payload_len":8196,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":15,"flow_first_seen":1490976195985305,"flow_src_last_pkt_time":1490976196943705,"flow_dst_last_pkt_time":1490976196942501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1285,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5470,"flow_dst_tot_l4_payload_len":10312,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976177026053,"flow_src_last_pkt_time":1490976177026053,"flow_dst_last_pkt_time":1490976177105350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976027724821,"flow_src_last_pkt_time":1490976027724821,"flow_dst_last_pkt_time":1490976027725831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024847601,"flow_src_last_pkt_time":1490976024847601,"flow_dst_last_pkt_time":1490976024848551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976043611721,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043811357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":34,"flow_first_seen":1490976195529965,"flow_src_last_pkt_time":1490976198776068,"flow_dst_last_pkt_time":1490976198721541,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":11109,"flow_dst_tot_l4_payload_len":23639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":24,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976098828477,"flow_dst_last_pkt_time":1490976098827474,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":16338,"flow_dst_tot_l4_payload_len":5015,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01086{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":9,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976088478616,"flow_dst_last_pkt_time":1490976088474318,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":3641,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01086{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976088478745,"flow_dst_last_pkt_time":1490976088474363,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":549,"flow_src_tot_l4_payload_len":1908,"flow_dst_tot_l4_payload_len":687,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00911{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976085884523,"flow_src_last_pkt_time":1490976088478345,"flow_dst_last_pkt_time":1490976088474183,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00761{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976085884523,"flow_src_last_pkt_time":1490976088478345,"flow_dst_last_pkt_time":1490976088474183,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01085{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976094930868,"flow_dst_last_pkt_time":1490976094926813,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":23,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976098828773,"flow_dst_last_pkt_time":1490976098827615,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":11639,"flow_dst_tot_l4_payload_len":7245,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":11,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976110046973,"flow_dst_last_pkt_time":1490976110045165,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":901,"flow_src_tot_l4_payload_len":10414,"flow_dst_tot_l4_payload_len":1844,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":18,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976094931279,"flow_dst_last_pkt_time":1490976094927090,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":9904,"flow_dst_tot_l4_payload_len":2867,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976107676457,"flow_dst_last_pkt_time":1490976107673300,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":645,"flow_src_tot_l4_payload_len":6604,"flow_dst_tot_l4_payload_len":1412,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":11,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976111839243,"flow_dst_last_pkt_time":1490976111837462,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":9374,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976117017810,"flow_dst_last_pkt_time":1490976117015060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":3384,"flow_dst_tot_l4_payload_len":655,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976116921018,"flow_dst_last_pkt_time":1490976116919339,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":2020,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976117017178,"flow_dst_last_pkt_time":1490976117015012,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1093,"flow_src_tot_l4_payload_len":3384,"flow_dst_tot_l4_payload_len":1231,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976117016896,"flow_dst_last_pkt_time":1490976117014871,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":1972,"flow_dst_tot_l4_payload_len":639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976120960098,"flow_dst_last_pkt_time":1490976120957858,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":4892,"flow_dst_tot_l4_payload_len":639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1490976030894150,"flow_src_last_pkt_time":1490976194743282,"flow_dst_last_pkt_time":1490976194740400,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":9283,"flow_dst_tot_l4_payload_len":4582,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976164211909,"flow_dst_last_pkt_time":1490976164210095,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":1694,"flow_dst_tot_l4_payload_len":1268,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976164214328,"flow_dst_last_pkt_time":1490976164210237,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":485,"flow_src_tot_l4_payload_len":2190,"flow_dst_tot_l4_payload_len":623,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976114879774,"flow_src_last_pkt_time":1490976114879774,"flow_dst_last_pkt_time":1490976114880618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976175920517,"flow_dst_last_pkt_time":1490976175918861,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":805,"flow_src_tot_l4_payload_len":1940,"flow_dst_tot_l4_payload_len":943,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976186818047,"flow_src_last_pkt_time":1490976186818047,"flow_dst_last_pkt_time":1490976186879188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976071312877,"flow_src_last_pkt_time":1490976071312877,"flow_dst_last_pkt_time":1490976071389601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195921499,"flow_src_last_pkt_time":1490976195921499,"flow_dst_last_pkt_time":1490976195980743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":155,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":155,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976187242775,"flow_src_last_pkt_time":1490976187242775,"flow_dst_last_pkt_time":1490976187508361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00770{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976030370083,"flow_dst_last_pkt_time":1490976171313736,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":588,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":4079,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01186{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976165062082,"flow_src_last_pkt_time":1490976175921125,"flow_dst_last_pkt_time":1490976175918995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1290,"flow_dst_max_l4_payload_len":197,"flow_src_tot_l4_payload_len":2813,"flow_dst_tot_l4_payload_len":532,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976164994460,"flow_src_last_pkt_time":1490976164994460,"flow_dst_last_pkt_time":1490976165058589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","proto_id":"5.110","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195484942,"flow_src_last_pkt_time":1490976195484942,"flow_dst_last_pkt_time":1490976195524157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196938799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976093238253,"flow_src_last_pkt_time":1490976093238253,"flow_dst_last_pkt_time":1490976093355795,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":79,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":79,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1490976115905314,"flow_src_last_pkt_time":1490976120950142,"flow_dst_last_pkt_time":1490976120949042,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":9842,"flow_dst_tot_l4_payload_len":946,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00912{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976116084560,"flow_src_last_pkt_time":1490976117005965,"flow_dst_last_pkt_time":1490976117004804,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00762{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976116084560,"flow_src_last_pkt_time":1490976117005965,"flow_dst_last_pkt_time":1490976117004804,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196282103,"flow_dst_last_pkt_time":1490976196280788,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":490,"flow_dst_max_l4_payload_len":597,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":735,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01108{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976071076849,"flow_dst_last_pkt_time":1490976168824692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3760,"flow_dst_tot_l4_payload_len":23045,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976133936541,"flow_src_last_pkt_time":1490976133936541,"flow_dst_last_pkt_time":1490976134135541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1490976195633256,"flow_src_last_pkt_time":1490976195989130,"flow_dst_last_pkt_time":1490976195979036,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1840,"flow_dst_tot_l4_payload_len":4742,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976094931678,"flow_dst_last_pkt_time":1490976094927244,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":700,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":1041,"flow_dst_tot_l4_payload_len":4216,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00910{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976091048429,"flow_src_last_pkt_time":1490976094931528,"flow_dst_last_pkt_time":1490976094927214,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00760{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976091048429,"flow_src_last_pkt_time":1490976094931528,"flow_dst_last_pkt_time":1490976094927214,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00774{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1490976100859650,"flow_src_last_pkt_time":1490976107676181,"flow_dst_last_pkt_time":1490976107673171,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":1071,"flow_dst_tot_l4_payload_len":4247,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041806940,"flow_src_last_pkt_time":1490976041806940,"flow_dst_last_pkt_time":1490976041938819,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976090796987,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090982120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041770147,"flow_src_last_pkt_time":1490976041770147,"flow_dst_last_pkt_time":1490976041866893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976027733585,"flow_src_last_pkt_time":1490976027826378,"flow_dst_last_pkt_time":1490976027824538,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":83,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":83,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}}
+00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976035502440,"flow_src_last_pkt_time":1490976035502440,"flow_dst_last_pkt_time":1490976035549103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","proto_id":"5.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029184743,"flow_src_last_pkt_time":1490976029184743,"flow_dst_last_pkt_time":1490976029244910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196880268,"flow_dst_last_pkt_time":1490976196870225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":666,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1652,"flow_dst_tot_l4_payload_len":23158,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976024857901,"flow_src_last_pkt_time":1490976024994180,"flow_dst_last_pkt_time":1490976024992071,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":83,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":83,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck"}}
+00948{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041428918,"flow_src_last_pkt_time":1490976168813075,"flow_dst_last_pkt_time":1490976041428918,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00763{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041428918,"flow_src_last_pkt_time":1490976168813075,"flow_dst_last_pkt_time":1490976041428918,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00948{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041680864,"flow_src_last_pkt_time":1490976168960939,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00763{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041680864,"flow_src_last_pkt_time":1490976168960939,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976030681470,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030890027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00948{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1490976085883325,"flow_src_last_pkt_time":1490976149040436,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1490976085883325,"flow_src_last_pkt_time":1490976149040436,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00974{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976082723840,"flow_src_last_pkt_time":1490976084872619,"flow_dst_last_pkt_time":1490976084868918,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":4313,"flow_dst_tot_l4_payload_len":707,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00911{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976082964100,"flow_src_last_pkt_time":1490976084873178,"flow_dst_last_pkt_time":1490976084869056,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00761{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976082964100,"flow_src_last_pkt_time":1490976084873178,"flow_dst_last_pkt_time":1490976084869056,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1490976090572590,"flow_src_last_pkt_time":1490976094931147,"flow_dst_last_pkt_time":1490976094927057,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":11915,"flow_dst_tot_l4_payload_len":551,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00912{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1490976100559988,"flow_src_last_pkt_time":1490976107681564,"flow_dst_last_pkt_time":1490976107679608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00762{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1490976100559988,"flow_src_last_pkt_time":1490976107681564,"flow_dst_last_pkt_time":1490976107679608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1490976100811415,"flow_src_last_pkt_time":1490976107676587,"flow_dst_last_pkt_time":1490976107673906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":6872,"flow_dst_tot_l4_payload_len":551,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+01107{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":19,"flow_first_seen":1490976093358419,"flow_src_last_pkt_time":1490976194991511,"flow_dst_last_pkt_time":1490976194990539,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3186,"flow_dst_tot_l4_payload_len":4131,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024793542,"flow_src_last_pkt_time":1490976024793542,"flow_dst_last_pkt_time":1490976024844591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976027522377,"flow_src_last_pkt_time":1490976027522377,"flow_dst_last_pkt_time":1490976027523403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976067916709,"flow_src_last_pkt_time":1490976067916709,"flow_dst_last_pkt_time":1490976067965373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00946{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976085891455,"flow_src_last_pkt_time":1490976085891455,"flow_dst_last_pkt_time":1490976085978559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00761{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976085891455,"flow_src_last_pkt_time":1490976085891455,"flow_dst_last_pkt_time":1490976085978559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1490976027567694,"flow_src_last_pkt_time":1490976028006787,"flow_dst_last_pkt_time":1490976027999334,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":936,"flow_dst_tot_l4_payload_len":501,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976064333083,"flow_src_last_pkt_time":1490976064333083,"flow_dst_last_pkt_time":1490976064448088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01107{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":20,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976152630776,"flow_dst_last_pkt_time":1490976152042248,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5474,"flow_dst_tot_l4_payload_len":6876,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195545666,"flow_src_last_pkt_time":1490976195545666,"flow_dst_last_pkt_time":1490976195628315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","proto_id":"5.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00774{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976081484636,"flow_dst_last_pkt_time":1490976081482994,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2154,"flow_dst_tot_l4_payload_len":5486,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029753315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00583{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3103,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":3103,"packets-processed":3074,"total-skipped-flows":0,"total-l4-payload-len":987205,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":150,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1422,"global_ts_usec":1490976198776068}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 3435/3406
+~~ packets captured/processed: 3103/3074
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 1226087 bytes
+~~ total layer4 data length..: 987205 bytes
 ~~ total detected protocols..: 146
 ~~ total active/idle flows...: 160/160
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7494948 bytes
-~~ total memory freed........: 7494948 bytes
-~~ total allocations/frees...: 128467/128467
+~~ total memory allocated....: 7491581 bytes
+~~ total memory freed........: 7491581 bytes
+~~ total allocations/frees...: 128157/128157
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 292 chars
 ~~ json string max len.......: 2470 chars
diff --git a/test/results/alicloud.pcap.out b/test/results/alicloud.pcap.out
index ac9c462ef..10fb716ff 100644
--- a/test/results/alicloud.pcap.out
+++ b/test/results/alicloud.pcap.out
@@ -141,9 +141,9 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6474191 bytes
-~~ total memory freed........: 6474191 bytes
-~~ total allocations/frees...: 122830/122830
+~~ total memory allocated....: 6479208 bytes
+~~ total memory freed........: 6479208 bytes
+~~ total allocations/frees...: 122840/122840
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 962 chars
diff --git a/test/results/among_us.pcap.out b/test/results/among_us.pcap.out
index c68eb83a5..40ac49b38 100644
--- a/test/results/among_us.pcap.out
+++ b/test/results/among_us.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411775 bytes
-~~ total memory freed........: 6411775 bytes
-~~ total allocations/frees...: 122437/122437
+~~ total memory allocated....: 6416680 bytes
+~~ total memory freed........: 6416680 bytes
+~~ total allocations/frees...: 122447/122447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 936 chars
diff --git a/test/results/amqp.pcap.out b/test/results/amqp.pcap.out
index ee5a37a50..a8ca72783 100644
--- a/test/results/amqp.pcap.out
+++ b/test/results/amqp.pcap.out
@@ -34,9 +34,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6426130 bytes
-~~ total memory freed........: 6426130 bytes
-~~ total allocations/frees...: 122621/122621
+~~ total memory allocated....: 6431051 bytes
+~~ total memory freed........: 6431051 bytes
+~~ total allocations/frees...: 122631/122631
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2117 chars
diff --git a/test/results/android.pcap.out b/test/results/android.pcap.out
index 408bd7c01..774274408 100644
--- a/test/results/android.pcap.out
+++ b/test/results/android.pcap.out
@@ -441,9 +441,9 @@
 ~~ total active/idle flows...: 63/63
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6779404 bytes
-~~ total memory freed........: 6779404 bytes
-~~ total allocations/frees...: 123873/123873
+~~ total memory allocated....: 6784825 bytes
+~~ total memory freed........: 6784825 bytes
+~~ total allocations/frees...: 123886/123886
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2614 chars
diff --git a/test/results/anyconnect-vpn.pcap.out b/test/results/anyconnect-vpn.pcap.out
index fa7745555..aedcef441 100644
--- a/test/results/anyconnect-vpn.pcap.out
+++ b/test/results/anyconnect-vpn.pcap.out
@@ -466,9 +466,9 @@
 ~~ total active/idle flows...: 69/69
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6715935 bytes
-~~ total memory freed........: 6715935 bytes
-~~ total allocations/frees...: 126259/126259
+~~ total memory allocated....: 6721412 bytes
+~~ total memory freed........: 6721412 bytes
+~~ total allocations/frees...: 126270/126270
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2644 chars
diff --git a/test/results/anydesk.pcapng.out b/test/results/anydesk.pcapng.out
index 10391f916..a50e8270c 100644
--- a/test/results/anydesk.pcapng.out
+++ b/test/results/anydesk.pcapng.out
@@ -18,65 +18,65 @@
 01814{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199532151,"flow_dst_last_pkt_time":1591342199532596,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":2600,"midstream":0,"thread_ts_usec":1591342199532596,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}}
 01970{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":40,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342201135977,"flow_dst_last_pkt_time":1591342202739154,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5696,"flow_dst_tot_l4_payload_len":5521,"midstream":0,"thread_ts_usec":1591342202739154,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":176540.0,"max":1602919,"stddev":394272.9,"var":155451113472.0,"ent":2.8,"data": [164805,164917,612,1082,165028,165426,485,455,339,338,1756,2021,164886,165169,210,191,219,307,218569,218677,606,928,1215453,1216321,7,87,855,7,2,1602919,62]},"pktlen": {"min":40,"avg":392.7,"max":1500,"stddev":555.2,"var":308238.0,"ent":3.8,"data": [60,46,40,303,46,1340,40,1340,40,46,40,1134,46,91,40,80,40,186,46,186,40,111,46,119,1500,1500,1242,46,46,46,1500,1180]},"bins": {"c_to_s": [8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0],"s_to_c": [9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1],"entropies": [4.772595406,4.903359890,4.834184170,5.369554996,4.390828609,7.460080147,4.834184170,7.770876408,4.834184170,4.609350204,4.734183788,7.619944096,4.390829086,5.750715733,4.765311718,5.803060055,4.765311718,6.743920803,4.390828609,6.830827713,4.834184170,6.275036812,4.434307098,6.390825272,7.863389492,7.871673107,7.811679363,4.390829086,4.390829086,4.390829086,7.887207985,7.841894150]}}
 01818{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342201135977,"flow_dst_last_pkt_time":1591342202739154,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5696,"flow_dst_tot_l4_payload_len":5521,"midstream":0,"thread_ts_usec":1591342202739154,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}}
-00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6964,"source":"anydesk.pcapng","alias":"nDPId-test","packets-captured":6964,"packets-processed":6963,"total-skipped-flows":0,"total-l4-payload-len":2418022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1613977585247036}
-00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6964,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6964,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1613977585247036,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"}
-01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6964,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6965,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1613977585260893,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcjnRAADkRLxDAqAEBwKgBuwA16HcASAAA7CKBgAABAAEAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAADSNAAEJT3fDw=="}
-01080{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6965,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1613977585260893,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}}}
-00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6966,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585542630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585542630,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6966,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585542630,"flow_idle_time":200000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1613977585542630,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C4AAIARAADAqAG7wKgBAdhQADUAOIRW6okBAAABAAAAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQAB"}
-01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6966,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585542630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585542630,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-9b6827f2.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6967,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1613977585553797,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcBhBAADkRt3TAqAEBwKgBuwA12FAASAAA6omBgAABAAEAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAABtXAAEisckcw=="}
-01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6967,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-9b6827f2.net.anydesk.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}}}
-01078{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6968,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342244652502,"flow_dst_last_pkt_time":1591342244652493,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":159,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":355,"midstream":1,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01461{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6968,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2942,"flow_dst_packets_processed":4001,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342255171414,"flow_dst_last_pkt_time":1591342255171331,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":16215,"flow_dst_tot_l4_payload_len":2401200,"midstream":0,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6968,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595379986,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595379986,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6968,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595379986,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595379986,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"}
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6969,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595380477,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"}
-00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6970,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1613977595380515,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595380515,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"}
-00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6971,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":3285032704,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1613977595380848,"pkt":"KDc3AG3I2MuK4S0uCABFAAEddDVAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AYBAKFzQAAFgMBAPABAADsAwNj3AGBpT3DvXWxFVWt8lyInfOzaE5lLOK0P1RS+v5ukgAAbsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwALwD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
-01411{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6971,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595380848,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6972,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380908,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1613977595380908,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBuxue05RZw\/OXjxh7SVAQIADEJgAAAAAAAAAA"}
-01734{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6974,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595391710,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1613977595391710,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}}
-00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6977,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407425,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595407425,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6977,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407425,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1613977595407425,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"}
-00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6978,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595407489,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"}
-00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6979,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1613977595407676,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1613977595407676,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"}
-00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6980,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":3285032704,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1613977595408312,"pkt":"2MuK4S0uKDc3AG3ICABFAAEvAABAAEAGtQvAqAGywKgBu8tHG54tLA3dVf0iy1AYIAC+RgAAFgMBAQIBAAD+AwM5xa94fzbZMZS38bcet4LQXQHW847W4Z2LW\/3GqgPjFAAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
-01411{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6980,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595408312,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6986,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595463648,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595463648,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodEFAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAQIBSE2AAA"}
-01831{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6987,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595549041,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":813,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1613977595549041,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}}
-02652{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":7014,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977601740964,"flow_dst_last_pkt_time":1613977601737415,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5712,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1613977601740964,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":410271.2,"max":3021750,"stddev":825943.1,"var":682181918720.0,"ent":2.9,"data": [491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006]},"pktlen": {"min":40,"avg":306.3,"max":3966,"stddev":747.4,"var":558552.1,"ent":3.1,"data": [52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116]},"bins": {"c_to_s": [6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1],"s_to_c": [11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0],"entropies": [4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9485,"source":"anydesk.pcapng","alias":"nDPId-test","packets-captured":9485,"packets-processed":9484,"total-skipped-flows":0,"total-l4-payload-len":4424268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663090549161771}
-00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9485,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9485,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9486,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="}
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9487,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1663090549179586,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549179586,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6dAAEAGlo7AqAGAw7WusLyEAbsbAqep\/y9LZoAQAfZHFAAAAQEICjj2GdaczD4K"}
-00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9488,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":3285032704,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_usec":1663090549180495,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAFVb6hAAEAGlWzAqAGAw7WusLyEAbsbAqep\/y9LZoAYAfYShgAAAQEICjj2GdeczD4KFgMBARwBAAEYAwPezn7TVz\/Q\/8BnfJIGEA0lTFPiRL5wdTC0FDXR7VNhOwAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAbwALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQEAEAAWABQTYW55ZGVzay82LjIuMC9saW51eA=="}
-01464{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9488,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549180495,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"anydesk\/6.2.0\/linux"}}}
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9489,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549197307,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549197307,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA08UVAADYGHvDDta6wwKgBgAG7vIT\/L0tmGwKoyoAQAftF2wAAAQEICpzMPhw49hnX"}
-01526{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9490,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549200737,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1663090549200737,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"anydesk\/6.2.0\/linux"}}}
-01729{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9492,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549200799,"flow_dst_last_pkt_time":1663090549200825,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1663090549200825,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","advertised_alpns":"anydesk\/6.2.0\/linux","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}}
-02529{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":9516,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090558034917,"flow_dst_last_pkt_time":1663090558365585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5817,"flow_dst_tot_l4_payload_len":3029,"midstream":0,"thread_ts_usec":1663090558365585,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":583127.8,"max":8444631,"stddev":2063627.1,"var":4258557067264.0,"ent":1.5,"data": [17715,17815,909,17821,3430,20304,88,41,3772,21850,18137,104,44,888,64188,13442,76786,1527,18418,206643,224790,16,4,18683,18,62779,11,80221,8427892,8444631,313993]},"pktlen": {"min":52,"avg":328.9,"max":1500,"stddev":495.5,"var":245485.5,"ent":3.8,"data": [60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145]},"bins": {"c_to_s": [8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0],"s_to_c": [7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1],"entropies": [4.759216309,5.287539482,5.061608315,5.575212479,5.085552692,7.541802406,5.085552692,7.720355034,5.138531685,7.691242218,6.017449379,5.100070000,6.076607704,5.061608315,6.938662529,5.176993370,6.939621925,5.176993370,6.553288460,5.176993370,6.578802109,7.876228809,7.874102592,7.832963467,5.176993370,5.176993370,6.054868221,5.938801765,5.138531685,6.484602451,5.215455055,6.623850822]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00770{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9521,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595964011,"flow_dst_last_pkt_time":1613977595963376,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":914,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":1767,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01458{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9521,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":947,"flow_dst_packets_processed":1555,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977618224574,"flow_dst_last_pkt_time":1613977618224857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5506,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1977868,"flow_dst_tot_l4_payload_len":24838,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9521,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9521,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01323{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9538,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090607968067,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":3063,"midstream":0,"thread_ts_usec":1663090607968067,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9538,"source":"anydesk.pcapng","alias":"nDPId-test","packets-captured":9538,"packets-processed":9538,"total-skipped-flows":0,"total-l4-payload-len":4433234,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1663090607968067}
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"anydesk.pcapng","alias":"nDPId-test","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1613977585247036}
+00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1613977585247036,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"}
+01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1613977585260893,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcjnRAADkRLxDAqAEBwKgBuwA16HcASAAA7CKBgAABAAEAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAADSNAAEJT3fDw=="}
+01078{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1613977585260893,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}}}
+00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585542630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585542630,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585542630,"flow_idle_time":200000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1613977585542630,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C4AAIARAADAqAG7wKgBAdhQADUAOIRW6okBAAABAAAAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQAB"}
+01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585542630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585542630,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-9b6827f2.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1613977585553797,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcBhBAADkRt3TAqAEBwKgBuwA12FAASAAA6omBgAABAAEAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAABtXAAEisckcw=="}
+01080{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-9b6827f2.net.anydesk.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}}}
+01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342244652502,"flow_dst_last_pkt_time":1591342244652493,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":159,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":355,"midstream":1,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":22,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342209805588,"flow_dst_last_pkt_time":1591342209768308,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5797,"flow_dst_tot_l4_payload_len":7915,"midstream":0,"thread_ts_usec":1613977585553797,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
+00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595379986,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595379986,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595379986,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595379986,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"}
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1613977595379986,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595380477,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"}
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1613977595380515,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595380515,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"}
+00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":3285032704,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1613977595380848,"pkt":"KDc3AG3I2MuK4S0uCABFAAEddDVAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AYBAKFzQAAFgMBAPABAADsAwNj3AGBpT3DvXWxFVWt8lyInfOzaE5lLOK0P1RS+v5ukgAAbsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwALwD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
+01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380477,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595380848,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595380908,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1613977595380908,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBuxue05RZw\/OXjxh7SVAQIADEJgAAAAAAAAAA"}
+01732{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977595380848,"flow_dst_last_pkt_time":1613977595391710,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1613977595391710,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}}
+00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407425,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595407425,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407425,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1613977595407425,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"}
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1613977595407425,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1613977595407489,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"}
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1613977595407676,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1613977595407676,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"}
+00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":3285032704,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"thread_ts_usec":1613977595408312,"pkt":"2MuK4S0uKDc3AG3ICABFAAEvAABAAEAGtQvAqAGywKgBu8tHG54tLA3dVf0iy1AYIAC+RgAAFgMBAQIBAAD+AwM5xa94fzbZMZS38bcet4LQXQHW847W4Z2LW\/3GqgPjFAAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
+01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595407489,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977595408312,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595463648,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595463648,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodEFAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAQIBSE2AAA"}
+01829{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":85,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595549041,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":813,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1613977595549041,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}}
+02651{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":112,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977601740964,"flow_dst_last_pkt_time":1613977601737415,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5712,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1613977601740964,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":410271.2,"max":3021750,"stddev":825943.1,"var":682181918720.0,"ent":2.9,"data": [491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006]},"pktlen": {"min":40,"avg":306.3,"max":3966,"stddev":747.4,"var":558552.1,"ent":3.1,"data": [52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116]},"bins": {"c_to_s": [6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1],"s_to_c": [11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0],"entropies": [4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
+00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2583,"source":"anydesk.pcapng","alias":"nDPId-test","packets-captured":2583,"packets-processed":2582,"total-skipped-flows":0,"total-l4-payload-len":2020565,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663090549161771}
+00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2583,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2583,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2584,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="}
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2585,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1663090549179586,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549179586,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6dAAEAGlo7AqAGAw7WusLyEAbsbAqep\/y9LZoAQAfZHFAAAAQEICjj2GdaczD4K"}
+00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2586,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":3285032704,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_usec":1663090549180495,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAFVb6hAAEAGlWzAqAGAw7WusLyEAbsbAqep\/y9LZoAYAfYShgAAAQEICjj2GdeczD4KFgMBARwBAAEYAwPezn7TVz\/Q\/8BnfJIGEA0lTFPiRL5wdTC0FDXR7VNhOwAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAbwALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQEAEAAWABQTYW55ZGVzay82LjIuMC9saW51eA=="}
+01464{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2586,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549180495,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"anydesk\/6.2.0\/linux"}}}
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2587,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549197307,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549197307,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA08UVAADYGHvDDta6wwKgBgAG7vIT\/L0tmGwKoyoAQAftF2wAAAQEICpzMPhw49hnX"}
+01526{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549200737,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1663090549200737,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"anydesk\/6.2.0\/linux"}}}
+01729{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2590,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549200799,"flow_dst_last_pkt_time":1663090549200825,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1663090549200825,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"e58f0b3c1e9eefb8ee4f92aeceee5858","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","advertised_alpns":"anydesk\/6.2.0\/linux","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}}
+02529{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2614,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090558034917,"flow_dst_last_pkt_time":1663090558365585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5817,"flow_dst_tot_l4_payload_len":3029,"midstream":0,"thread_ts_usec":1663090558365585,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":583127.8,"max":8444631,"stddev":2063627.1,"var":4258557067264.0,"ent":1.5,"data": [17715,17815,909,17821,3430,20304,88,41,3772,21850,18137,104,44,888,64188,13442,76786,1527,18418,206643,224790,16,4,18683,18,62779,11,80221,8427892,8444631,313993]},"pktlen": {"min":52,"avg":328.9,"max":1500,"stddev":495.5,"var":245485.5,"ent":3.8,"data": [60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145]},"bins": {"c_to_s": [8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0],"s_to_c": [7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1],"entropies": [4.759216309,5.287539482,5.061608315,5.575212479,5.085552692,7.541802406,5.085552692,7.720355034,5.138531685,7.691242218,6.017449379,5.100070000,6.076607704,5.061608315,6.938662529,5.176993370,6.939621925,5.176993370,6.553288460,5.176993370,6.578802109,7.876228809,7.874102592,7.832963467,5.176993370,5.176993370,6.054868221,5.938801765,5.138531685,6.484602451,5.215455055,6.623850822]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
+00770{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2619,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595964011,"flow_dst_last_pkt_time":1613977595963376,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":914,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":1767,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01458{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2619,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":947,"flow_dst_packets_processed":1555,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977618224574,"flow_dst_last_pkt_time":1613977618224857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5506,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1977868,"flow_dst_tot_l4_payload_len":24838,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
+00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2619,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2619,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01323{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2636,"source":"anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090607968067,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":3063,"midstream":0,"thread_ts_usec":1663090607968067,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
+00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2636,"source":"anydesk.pcapng","alias":"nDPId-test","packets-captured":2636,"packets-processed":2636,"total-skipped-flows":0,"total-l4-payload-len":2029531,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1663090607968067}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 9538/9538
+~~ packets captured/processed: 2636/2636
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 4433234 bytes
+~~ total layer4 data length..: 2029531 bytes
 ~~ total detected protocols..: 7
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6745635 bytes
-~~ total memory freed........: 6745635 bytes
-~~ total allocations/frees...: 132076/132076
+~~ total memory allocated....: 6550430 bytes
+~~ total memory freed........: 6550430 bytes
+~~ total allocations/frees...: 125184/125184
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
-~~ json string max len.......: 2657 chars
+~~ json string max len.......: 2656 chars
 ~~ json string avg len.......: 1574 chars
diff --git a/test/results/avast.pcap.out b/test/results/avast.pcap.out
index e4d02c213..465750bf8 100644
--- a/test/results/avast.pcap.out
+++ b/test/results/avast.pcap.out
@@ -107,9 +107,9 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6452544 bytes
-~~ total memory freed........: 6452544 bytes
-~~ total allocations/frees...: 122687/122687
+~~ total memory allocated....: 6457521 bytes
+~~ total memory freed........: 6457521 bytes
+~~ total allocations/frees...: 122697/122697
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 945 chars
diff --git a/test/results/avast_securedns.pcapng.out b/test/results/avast_securedns.pcapng.out
index 2f97e813f..a409a61c9 100644
--- a/test/results/avast_securedns.pcapng.out
+++ b/test/results/avast_securedns.pcapng.out
@@ -224,9 +224,9 @@
 ~~ total active/idle flows...: 39/39
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6482379 bytes
-~~ total memory freed........: 6482379 bytes
-~~ total allocations/frees...: 122931/122931
+~~ total memory allocated....: 6487588 bytes
+~~ total memory freed........: 6487588 bytes
+~~ total allocations/frees...: 122941/122941
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 502 chars
 ~~ json string max len.......: 972 chars
diff --git a/test/results/bad-dns-traffic.pcap.out b/test/results/bad-dns-traffic.pcap.out
index c731885b8..66105e10d 100644
--- a/test/results/bad-dns-traffic.pcap.out
+++ b/test/results/bad-dns-traffic.pcap.out
@@ -45,9 +45,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6426748 bytes
-~~ total memory freed........: 6426748 bytes
-~~ total allocations/frees...: 122846/122846
+~~ total memory allocated....: 6431669 bytes
+~~ total memory freed........: 6431669 bytes
+~~ total allocations/frees...: 122856/122856
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 2479 chars
diff --git a/test/results/badpackets.pcap.out b/test/results/badpackets.pcap.out
index ba542e219..1dbbb1ec6 100644
--- a/test/results/badpackets.pcap.out
+++ b/test/results/badpackets.pcap.out
@@ -200,9 +200,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6409946 bytes
-~~ total memory freed........: 6409946 bytes
-~~ total allocations/frees...: 122425/122425
+~~ total memory allocated....: 6414843 bytes
+~~ total memory freed........: 6414843 bytes
+~~ total allocations/frees...: 122435/122435
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 312 chars
 ~~ json string max len.......: 2297 chars
diff --git a/test/results/bitcoin.pcap.out b/test/results/bitcoin.pcap.out
index 936c0c3b5..e1041c117 100644
--- a/test/results/bitcoin.pcap.out
+++ b/test/results/bitcoin.pcap.out
@@ -64,9 +64,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6439219 bytes
-~~ total memory freed........: 6439219 bytes
-~~ total allocations/frees...: 123128/123128
+~~ total memory allocated....: 6444164 bytes
+~~ total memory freed........: 6444164 bytes
+~~ total allocations/frees...: 123138/123138
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2455 chars
diff --git a/test/results/bittorrent.pcap.out b/test/results/bittorrent.pcap.out
index 5703015a5..4c6dc0141 100644
--- a/test/results/bittorrent.pcap.out
+++ b/test/results/bittorrent.pcap.out
@@ -170,9 +170,9 @@
 ~~ total active/idle flows...: 24/24
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6506873 bytes
-~~ total memory freed........: 6506873 bytes
-~~ total allocations/frees...: 123010/123010
+~~ total memory allocated....: 6511962 bytes
+~~ total memory freed........: 6511962 bytes
+~~ total allocations/frees...: 123020/123020
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 2377 chars
diff --git a/test/results/bittorrent_utp.pcap.out b/test/results/bittorrent_utp.pcap.out
index 952e6756e..73ca76d68 100644
--- a/test/results/bittorrent_utp.pcap.out
+++ b/test/results/bittorrent_utp.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414240 bytes
-~~ total memory freed........: 6414240 bytes
-~~ total allocations/frees...: 122522/122522
+~~ total memory allocated....: 6419145 bytes
+~~ total memory freed........: 6419145 bytes
+~~ total allocations/frees...: 122532/122532
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 499 chars
 ~~ json string max len.......: 2356 chars
diff --git a/test/results/bjnp.pcap.out b/test/results/bjnp.pcap.out
index 8d5db1446..0d1c8bd42 100644
--- a/test/results/bjnp.pcap.out
+++ b/test/results/bjnp.pcap.out
@@ -49,9 +49,9 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6428236 bytes
-~~ total memory freed........: 6428236 bytes
-~~ total allocations/frees...: 122545/122545
+~~ total memory allocated....: 6433213 bytes
+~~ total memory freed........: 6433213 bytes
+~~ total allocations/frees...: 122555/122555
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 478 chars
 ~~ json string max len.......: 949 chars
diff --git a/test/results/bot.pcap.out b/test/results/bot.pcap.out
index c66adcac9..6094cee67 100644
--- a/test/results/bot.pcap.out
+++ b/test/results/bot.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6423626 bytes
-~~ total memory freed........: 6423626 bytes
-~~ total allocations/frees...: 122843/122843
+~~ total memory allocated....: 6428538 bytes
+~~ total memory freed........: 6428538 bytes
+~~ total allocations/frees...: 122854/122854
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2119 chars
diff --git a/test/results/bt_search.pcap.out b/test/results/bt_search.pcap.out
index 873bee7c8..41df10206 100644
--- a/test/results/bt_search.pcap.out
+++ b/test/results/bt_search.pcap.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411776 bytes
-~~ total memory freed........: 6411776 bytes
-~~ total allocations/frees...: 122437/122437
+~~ total memory allocated....: 6416681 bytes
+~~ total memory freed........: 6416681 bytes
+~~ total allocations/frees...: 122447/122447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 948 chars
diff --git a/test/results/cachefly.pcapng.out b/test/results/cachefly.pcapng.out
index 82eb1abd2..166fe6e0d 100644
--- a/test/results/cachefly.pcapng.out
+++ b/test/results/cachefly.pcapng.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6461414 bytes
-~~ total memory freed........: 6461414 bytes
-~~ total allocations/frees...: 122507/122507
+~~ total memory allocated....: 6466319 bytes
+~~ total memory freed........: 6466319 bytes
+~~ total allocations/frees...: 122517/122517
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 2686 chars
diff --git a/test/results/capwap.pcap.out b/test/results/capwap.pcap.out
index 8338e5c89..41ed42a6a 100644
--- a/test/results/capwap.pcap.out
+++ b/test/results/capwap.pcap.out
@@ -76,9 +76,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6430403 bytes
-~~ total memory freed........: 6430403 bytes
-~~ total allocations/frees...: 122875/122875
+~~ total memory allocated....: 6435340 bytes
+~~ total memory freed........: 6435340 bytes
+~~ total allocations/frees...: 122885/122885
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 289 chars
 ~~ json string max len.......: 2237 chars
diff --git a/test/results/cassandra.pcap.out b/test/results/cassandra.pcap.out
index dcdc97172..d246f6e15 100644
--- a/test/results/cassandra.pcap.out
+++ b/test/results/cassandra.pcap.out
@@ -27,9 +27,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6425936 bytes
-~~ total memory freed........: 6425936 bytes
-~~ total allocations/frees...: 122735/122735
+~~ total memory allocated....: 6430849 bytes
+~~ total memory freed........: 6430849 bytes
+~~ total allocations/frees...: 122745/122745
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2181 chars
diff --git a/test/results/check_mk_new.pcap.out b/test/results/check_mk_new.pcap.out
index d529a3dba..9e2e52e37 100644
--- a/test/results/check_mk_new.pcap.out
+++ b/test/results/check_mk_new.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414588 bytes
-~~ total memory freed........: 6414588 bytes
-~~ total allocations/frees...: 122534/122534
+~~ total memory allocated....: 6419493 bytes
+~~ total memory freed........: 6419493 bytes
+~~ total allocations/frees...: 122544/122544
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 497 chars
 ~~ json string max len.......: 2112 chars
diff --git a/test/results/chrome.pcap.out b/test/results/chrome.pcap.out
index 1de6a613e..0cc70bdb4 100644
--- a/test/results/chrome.pcap.out
+++ b/test/results/chrome.pcap.out
@@ -74,9 +74,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7030264 bytes
-~~ total memory freed........: 7030264 bytes
-~~ total allocations/frees...: 128201/128201
+~~ total memory allocated....: 7035209 bytes
+~~ total memory freed........: 7035209 bytes
+~~ total allocations/frees...: 128211/128211
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2142 chars
diff --git a/test/results/citrix.pcap.out b/test/results/citrix.pcap.out
index 100352cfb..aa2dabf70 100644
--- a/test/results/citrix.pcap.out
+++ b/test/results/citrix.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414646 bytes
-~~ total memory freed........: 6414646 bytes
-~~ total allocations/frees...: 122536/122536
+~~ total memory allocated....: 6419551 bytes
+~~ total memory freed........: 6419551 bytes
+~~ total allocations/frees...: 122546/122546
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 462 chars
 ~~ json string max len.......: 2035 chars
diff --git a/test/results/cloudflare-warp.pcap.out b/test/results/cloudflare-warp.pcap.out
index 084e7d3b7..a31857ac9 100644
--- a/test/results/cloudflare-warp.pcap.out
+++ b/test/results/cloudflare-warp.pcap.out
@@ -69,9 +69,9 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6448672 bytes
-~~ total memory freed........: 6448672 bytes
-~~ total allocations/frees...: 122601/122601
+~~ total memory allocated....: 6453633 bytes
+~~ total memory freed........: 6453633 bytes
+~~ total allocations/frees...: 122611/122611
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 1526 chars
diff --git a/test/results/coap_mqtt.pcap.out b/test/results/coap_mqtt.pcap.out
index d78a84c3d..d007ddce7 100644
--- a/test/results/coap_mqtt.pcap.out
+++ b/test/results/coap_mqtt.pcap.out
@@ -127,9 +127,9 @@
 ~~ total active/idle flows...: 16/16
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6693844 bytes
-~~ total memory freed........: 6693844 bytes
-~~ total allocations/frees...: 131119/131119
+~~ total memory allocated....: 6698869 bytes
+~~ total memory freed........: 6698869 bytes
+~~ total allocations/frees...: 131129/131129
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2300 chars
diff --git a/test/results/collectd-stats/1kxun.pcap.out b/test/results/collectd-stats/1kxun.pcap.out
index 437dca306..8fb2ce635 100644
--- a/test/results/collectd-stats/1kxun.pcap.out
+++ b/test/results/collectd-stats/1kxun.pcap.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:1299
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1466306
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:1302
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1471284
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:197
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:188
@@ -7,11 +7,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:38
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:22
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:177
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:20
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:23
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:14
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:173316
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:4790574
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:13
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:15
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:624
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
@@ -19,8 +19,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:152
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:66
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:153
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:68
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
@@ -31,7 +31,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:48
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:49
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
@@ -43,7 +43,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:91
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:48
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:50
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:34
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0
@@ -92,8 +92,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:8
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/443-chrome.pcap.out b/test/results/collectd-stats/443-chrome.pcap.out
index 47044c4cc..98c29e30f 100644
--- a/test/results/collectd-stats/443-chrome.pcap.out
+++ b/test/results/collectd-stats/443-chrome.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/443-curl.pcap.out b/test/results/collectd-stats/443-curl.pcap.out
index ffdb1d513..68fdcdde4 100644
--- a/test/results/collectd-stats/443-curl.pcap.out
+++ b/test/results/collectd-stats/443-curl.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/443-firefox.pcap.out b/test/results/collectd-stats/443-firefox.pcap.out
index 0143531f9..1f10ddf0c 100644
--- a/test/results/collectd-stats/443-firefox.pcap.out
+++ b/test/results/collectd-stats/443-firefox.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/443-git.pcap.out b/test/results/collectd-stats/443-git.pcap.out
index 395e010ee..be23b2e38 100644
--- a/test/results/collectd-stats/443-git.pcap.out
+++ b/test/results/collectd-stats/443-git.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/443-opvn.pcap.out b/test/results/collectd-stats/443-opvn.pcap.out
index 2a7fe3f19..411ca0a50 100644
--- a/test/results/collectd-stats/443-opvn.pcap.out
+++ b/test/results/collectd-stats/443-opvn.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/443-safari.pcap.out b/test/results/collectd-stats/443-safari.pcap.out
index d0cc32373..db21db3cb 100644
--- a/test/results/collectd-stats/443-safari.pcap.out
+++ b/test/results/collectd-stats/443-safari.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/4in4tunnel.pcap.out b/test/results/collectd-stats/4in4tunnel.pcap.out
index 356e3f0e3..183b9a3ee 100644
--- a/test/results/collectd-stats/4in4tunnel.pcap.out
+++ b/test/results/collectd-stats/4in4tunnel.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/4in6tunnel.pcap.out b/test/results/collectd-stats/4in6tunnel.pcap.out
index 6283e8c5e..06fa9bc44 100644
--- a/test/results/collectd-stats/4in6tunnel.pcap.out
+++ b/test/results/collectd-stats/4in6tunnel.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/6in4tunnel.pcap.out b/test/results/collectd-stats/6in4tunnel.pcap.out
index d4bff0418..9fe6759bd 100644
--- a/test/results/collectd-stats/6in4tunnel.pcap.out
+++ b/test/results/collectd-stats/6in4tunnel.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/6in6tunnel.pcap.out b/test/results/collectd-stats/6in6tunnel.pcap.out
index ee70b7bb9..cf06bc4d7 100644
--- a/test/results/collectd-stats/6in6tunnel.pcap.out
+++ b/test/results/collectd-stats/6in6tunnel.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/collectd-stats/BGP_Cisco_hdlc_slarp.pcap.out
index 37d60be5e..e41bb9cb9 100644
--- a/test/results/collectd-stats/BGP_Cisco_hdlc_slarp.pcap.out
+++ b/test/results/collectd-stats/BGP_Cisco_hdlc_slarp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/BGP_redist.pcap.out b/test/results/collectd-stats/BGP_redist.pcap.out
index 17c1dc5b3..ced5133da 100644
--- a/test/results/collectd-stats/BGP_redist.pcap.out
+++ b/test/results/collectd-stats/BGP_redist.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/EAQ.pcap.out b/test/results/collectd-stats/EAQ.pcap.out
index b6e702ce8..c60c2b999 100644
--- a/test/results/collectd-stats/EAQ.pcap.out
+++ b/test/results/collectd-stats/EAQ.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/collectd-stats/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index 275473a3e..51b7df071 100644
--- a/test/results/collectd-stats/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/collectd-stats/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/IEC104.pcap.out b/test/results/collectd-stats/IEC104.pcap.out
index f6f3593c6..74a39517f 100644
--- a/test/results/collectd-stats/IEC104.pcap.out
+++ b/test/results/collectd-stats/IEC104.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/KakaoTalk_chat.pcap.out b/test/results/collectd-stats/KakaoTalk_chat.pcap.out
index 66c5a781d..f4e8cc6a7 100644
--- a/test/results/collectd-stats/KakaoTalk_chat.pcap.out
+++ b/test/results/collectd-stats/KakaoTalk_chat.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/KakaoTalk_talk.pcap.out b/test/results/collectd-stats/KakaoTalk_talk.pcap.out
index 6403ddc91..ad9ace5dc 100644
--- a/test/results/collectd-stats/KakaoTalk_talk.pcap.out
+++ b/test/results/collectd-stats/KakaoTalk_talk.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/NTPv2.pcap.out b/test/results/collectd-stats/NTPv2.pcap.out
index de35520a1..de1edf6e4 100644
--- a/test/results/collectd-stats/NTPv2.pcap.out
+++ b/test/results/collectd-stats/NTPv2.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/NTPv3.pcap.out b/test/results/collectd-stats/NTPv3.pcap.out
index 673e0524c..f0f160ca5 100644
--- a/test/results/collectd-stats/NTPv3.pcap.out
+++ b/test/results/collectd-stats/NTPv3.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/NTPv4.pcap.out b/test/results/collectd-stats/NTPv4.pcap.out
index 673e0524c..f0f160ca5 100644
--- a/test/results/collectd-stats/NTPv4.pcap.out
+++ b/test/results/collectd-stats/NTPv4.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/Oscar.pcap.out b/test/results/collectd-stats/Oscar.pcap.out
index f7211355e..b64d736c3 100644
--- a/test/results/collectd-stats/Oscar.pcap.out
+++ b/test/results/collectd-stats/Oscar.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/TivoDVR.pcap.out b/test/results/collectd-stats/TivoDVR.pcap.out
index 992112342..3e37367be 100644
--- a/test/results/collectd-stats/TivoDVR.pcap.out
+++ b/test/results/collectd-stats/TivoDVR.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/WebattackRCE.pcap.out b/test/results/collectd-stats/WebattackRCE.pcap.out
index ee627c668..d5c932ec2 100644
--- a/test/results/collectd-stats/WebattackRCE.pcap.out
+++ b/test/results/collectd-stats/WebattackRCE.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:3191
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:2933997
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:2934557
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:797
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:797
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/WebattackSQLinj.pcap.out b/test/results/collectd-stats/WebattackSQLinj.pcap.out
index c852c88cf..b8d51fdbe 100644
--- a/test/results/collectd-stats/WebattackSQLinj.pcap.out
+++ b/test/results/collectd-stats/WebattackSQLinj.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/WebattackXSS.pcap.out b/test/results/collectd-stats/WebattackXSS.pcap.out
index 60784c5cd..7b92c81ee 100644
--- a/test/results/collectd-stats/WebattackXSS.pcap.out
+++ b/test/results/collectd-stats/WebattackXSS.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/activision.pcap.out b/test/results/collectd-stats/activision.pcap.out
index 10da9e6bf..dce04c84c 100644
--- a/test/results/collectd-stats/activision.pcap.out
+++ b/test/results/collectd-stats/activision.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/afp.pcap.out b/test/results/collectd-stats/afp.pcap.out
index ff779432f..b0631d4f9 100644
--- a/test/results/collectd-stats/afp.pcap.out
+++ b/test/results/collectd-stats/afp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/agora-sd-rtn.pcap.out b/test/results/collectd-stats/agora-sd-rtn.pcap.out
index abab2f013..3b463fd27 100644
--- a/test/results/collectd-stats/agora-sd-rtn.pcap.out
+++ b/test/results/collectd-stats/agora-sd-rtn.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ah.pcapng.out b/test/results/collectd-stats/ah.pcapng.out
index a98472ef3..cb1aba929 100644
--- a/test/results/collectd-stats/ah.pcapng.out
+++ b/test/results/collectd-stats/ah.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ajp.pcap.out b/test/results/collectd-stats/ajp.pcap.out
index d546fffc1..6d674345f 100644
--- a/test/results/collectd-stats/ajp.pcap.out
+++ b/test/results/collectd-stats/ajp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/alexa-app.pcapng.out b/test/results/collectd-stats/alexa-app.pcapng.out
index 64cfa679b..a22db396d 100644
--- a/test/results/collectd-stats/alexa-app.pcapng.out
+++ b/test/results/collectd-stats/alexa-app.pcapng.out
@@ -1,16 +1,16 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:1424
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1225239
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:1422
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1221382
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:160
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:104
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:56
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:77
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:24
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:23
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:14
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:146
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:151
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:150
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:406714
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:819373
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:399153
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:588052
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:59
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:679
@@ -19,7 +19,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:359
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:358
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
@@ -31,7 +31,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:182
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:181
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/alicloud.pcap.out b/test/results/collectd-stats/alicloud.pcap.out
index ec53f4e3a..31adebd5a 100644
--- a/test/results/collectd-stats/alicloud.pcap.out
+++ b/test/results/collectd-stats/alicloud.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/among_us.pcap.out b/test/results/collectd-stats/among_us.pcap.out
index 60b55b5fd..315cf1fbf 100644
--- a/test/results/collectd-stats/among_us.pcap.out
+++ b/test/results/collectd-stats/among_us.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/amqp.pcap.out b/test/results/collectd-stats/amqp.pcap.out
index b58c0aa0f..f1f97a9b2 100644
--- a/test/results/collectd-stats/amqp.pcap.out
+++ b/test/results/collectd-stats/amqp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/android.pcap.out b/test/results/collectd-stats/android.pcap.out
index 8435913ed..170ad7eea 100644
--- a/test/results/collectd-stats/android.pcap.out
+++ b/test/results/collectd-stats/android.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/anyconnect-vpn.pcap.out b/test/results/collectd-stats/anyconnect-vpn.pcap.out
index 148262cf4..b2e7caeb3 100644
--- a/test/results/collectd-stats/anyconnect-vpn.pcap.out
+++ b/test/results/collectd-stats/anyconnect-vpn.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/anydesk.pcapng.out b/test/results/collectd-stats/anydesk.pcapng.out
index 891a79d1a..b63e33e04 100644
--- a/test/results/collectd-stats/anydesk.pcapng.out
+++ b/test/results/collectd-stats/anydesk.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:67
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:63215
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:63142
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:6
@@ -9,8 +9,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:2001883
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:2431351
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1991465
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:38066
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:29
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/avast.pcap.out b/test/results/collectd-stats/avast.pcap.out
index bd63648fe..54154e77c 100644
--- a/test/results/collectd-stats/avast.pcap.out
+++ b/test/results/collectd-stats/avast.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/avast_securedns.pcapng.out b/test/results/collectd-stats/avast_securedns.pcapng.out
index c630833da..2f627d062 100644
--- a/test/results/collectd-stats/avast_securedns.pcapng.out
+++ b/test/results/collectd-stats/avast_securedns.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/bad-dns-traffic.pcap.out b/test/results/collectd-stats/bad-dns-traffic.pcap.out
index cff2fc560..9d72e0c46 100644
--- a/test/results/collectd-stats/bad-dns-traffic.pcap.out
+++ b/test/results/collectd-stats/bad-dns-traffic.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/badpackets.pcap.out b/test/results/collectd-stats/badpackets.pcap.out
index 9958fd79b..5f24ce2f0 100644
--- a/test/results/collectd-stats/badpackets.pcap.out
+++ b/test/results/collectd-stats/badpackets.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/bitcoin.pcap.out b/test/results/collectd-stats/bitcoin.pcap.out
index ef723513d..c5d960d6a 100644
--- a/test/results/collectd-stats/bitcoin.pcap.out
+++ b/test/results/collectd-stats/bitcoin.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/bittorrent.pcap.out b/test/results/collectd-stats/bittorrent.pcap.out
index 34c636a06..2482228e2 100644
--- a/test/results/collectd-stats/bittorrent.pcap.out
+++ b/test/results/collectd-stats/bittorrent.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/bittorrent_utp.pcap.out b/test/results/collectd-stats/bittorrent_utp.pcap.out
index 13e7190b9..49a1a31ce 100644
--- a/test/results/collectd-stats/bittorrent_utp.pcap.out
+++ b/test/results/collectd-stats/bittorrent_utp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/bjnp.pcap.out b/test/results/collectd-stats/bjnp.pcap.out
index c8a860e38..e63aae9ab 100644
--- a/test/results/collectd-stats/bjnp.pcap.out
+++ b/test/results/collectd-stats/bjnp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/bot.pcap.out b/test/results/collectd-stats/bot.pcap.out
index 84fbbdf74..49bf59072 100644
--- a/test/results/collectd-stats/bot.pcap.out
+++ b/test/results/collectd-stats/bot.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/bt_search.pcap.out b/test/results/collectd-stats/bt_search.pcap.out
index 56fd9738b..4719b0be5 100644
--- a/test/results/collectd-stats/bt_search.pcap.out
+++ b/test/results/collectd-stats/bt_search.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/cachefly.pcapng.out b/test/results/collectd-stats/cachefly.pcapng.out
index 3347fdeec..5d5d06afc 100644
--- a/test/results/collectd-stats/cachefly.pcapng.out
+++ b/test/results/collectd-stats/cachefly.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/capwap.pcap.out b/test/results/collectd-stats/capwap.pcap.out
index 9c77fd461..14d0849d4 100644
--- a/test/results/collectd-stats/capwap.pcap.out
+++ b/test/results/collectd-stats/capwap.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/cassandra.pcap.out b/test/results/collectd-stats/cassandra.pcap.out
index 7be61ec99..2508540c9 100644
--- a/test/results/collectd-stats/cassandra.pcap.out
+++ b/test/results/collectd-stats/cassandra.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/check_mk_new.pcap.out b/test/results/collectd-stats/check_mk_new.pcap.out
index b64bb39c5..457501686 100644
--- a/test/results/collectd-stats/check_mk_new.pcap.out
+++ b/test/results/collectd-stats/check_mk_new.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/chrome.pcap.out b/test/results/collectd-stats/chrome.pcap.out
index ce19163b8..780cb14c0 100644
--- a/test/results/collectd-stats/chrome.pcap.out
+++ b/test/results/collectd-stats/chrome.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/citrix.pcap.out b/test/results/collectd-stats/citrix.pcap.out
index d2af4f9bf..244873f5a 100644
--- a/test/results/collectd-stats/citrix.pcap.out
+++ b/test/results/collectd-stats/citrix.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/cloudflare-warp.pcap.out b/test/results/collectd-stats/cloudflare-warp.pcap.out
index bba0c4e64..1b8e119b5 100644
--- a/test/results/collectd-stats/cloudflare-warp.pcap.out
+++ b/test/results/collectd-stats/cloudflare-warp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/coap_mqtt.pcap.out b/test/results/collectd-stats/coap_mqtt.pcap.out
index 7d30a5fcd..5218b578a 100644
--- a/test/results/collectd-stats/coap_mqtt.pcap.out
+++ b/test/results/collectd-stats/coap_mqtt.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/collectd.pcap.out b/test/results/collectd-stats/collectd.pcap.out
index 384481caa..eaa7a9b58 100644
--- a/test/results/collectd-stats/collectd.pcap.out
+++ b/test/results/collectd-stats/collectd.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/corba.pcap.out b/test/results/collectd-stats/corba.pcap.out
index 8de091cc5..810247a12 100644
--- a/test/results/collectd-stats/corba.pcap.out
+++ b/test/results/collectd-stats/corba.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/cpha.pcap.out b/test/results/collectd-stats/cpha.pcap.out
index e9917ed11..4edf8c8c0 100644
--- a/test/results/collectd-stats/cpha.pcap.out
+++ b/test/results/collectd-stats/cpha.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/crynet.pcap.out b/test/results/collectd-stats/crynet.pcap.out
index 854580edc..892eb1174 100644
--- a/test/results/collectd-stats/crynet.pcap.out
+++ b/test/results/collectd-stats/crynet.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dazn.pcapng.out b/test/results/collectd-stats/dazn.pcapng.out
index fbf362973..3b9c3c807 100644
--- a/test/results/collectd-stats/dazn.pcapng.out
+++ b/test/results/collectd-stats/dazn.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dcerpc.pcap.out b/test/results/collectd-stats/dcerpc.pcap.out
index 8ff42e8e9..f03c63abe 100644
--- a/test/results/collectd-stats/dcerpc.pcap.out
+++ b/test/results/collectd-stats/dcerpc.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dhcp-fuzz.pcapng.out b/test/results/collectd-stats/dhcp-fuzz.pcapng.out
index 722db7335..e83f63250 100644
--- a/test/results/collectd-stats/dhcp-fuzz.pcapng.out
+++ b/test/results/collectd-stats/dhcp-fuzz.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/diameter.pcap.out b/test/results/collectd-stats/diameter.pcap.out
index de6844462..35b396494 100644
--- a/test/results/collectd-stats/diameter.pcap.out
+++ b/test/results/collectd-stats/diameter.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/discord.pcap.out b/test/results/collectd-stats/discord.pcap.out
index b40ef6a34..3a04b6907 100644
--- a/test/results/collectd-stats/discord.pcap.out
+++ b/test/results/collectd-stats/discord.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dlt_ppp.pcap.out b/test/results/collectd-stats/dlt_ppp.pcap.out
index 0251b5fdc..ca7bc834d 100644
--- a/test/results/collectd-stats/dlt_ppp.pcap.out
+++ b/test/results/collectd-stats/dlt_ppp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dnp3.pcap.out b/test/results/collectd-stats/dnp3.pcap.out
index 74ad1490e..e977b68b9 100644
--- a/test/results/collectd-stats/dnp3.pcap.out
+++ b/test/results/collectd-stats/dnp3.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dns-invalid-chars.pcap.out b/test/results/collectd-stats/dns-invalid-chars.pcap.out
index 60b95f13a..d57e07e2f 100644
--- a/test/results/collectd-stats/dns-invalid-chars.pcap.out
+++ b/test/results/collectd-stats/dns-invalid-chars.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dns-tunnel-iodine.pcap.out b/test/results/collectd-stats/dns-tunnel-iodine.pcap.out
index f81c15eaf..1fb3f6b7d 100644
--- a/test/results/collectd-stats/dns-tunnel-iodine.pcap.out
+++ b/test/results/collectd-stats/dns-tunnel-iodine.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dns_ambiguous_names.pcap.out b/test/results/collectd-stats/dns_ambiguous_names.pcap.out
index 891f8951a..3547f7a3f 100644
--- a/test/results/collectd-stats/dns_ambiguous_names.pcap.out
+++ b/test/results/collectd-stats/dns_ambiguous_names.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dns_doh.pcap.out b/test/results/collectd-stats/dns_doh.pcap.out
index 70668a0b5..5e3d630d2 100644
--- a/test/results/collectd-stats/dns_doh.pcap.out
+++ b/test/results/collectd-stats/dns_doh.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dns_dot.pcap.out b/test/results/collectd-stats/dns_dot.pcap.out
index fc236b906..511978121 100644
--- a/test/results/collectd-stats/dns_dot.pcap.out
+++ b/test/results/collectd-stats/dns_dot.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dns_exfiltration.pcap.out b/test/results/collectd-stats/dns_exfiltration.pcap.out
index ef77e4dda..61cc5604b 100644
--- a/test/results/collectd-stats/dns_exfiltration.pcap.out
+++ b/test/results/collectd-stats/dns_exfiltration.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dns_fragmented.pcap.out b/test/results/collectd-stats/dns_fragmented.pcap.out
index 7a4535580..f8efcb195 100644
--- a/test/results/collectd-stats/dns_fragmented.pcap.out
+++ b/test/results/collectd-stats/dns_fragmented.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dns_invert_query.pcapng.out b/test/results/collectd-stats/dns_invert_query.pcapng.out
index 7e508b9ba..41dec6429 100644
--- a/test/results/collectd-stats/dns_invert_query.pcapng.out
+++ b/test/results/collectd-stats/dns_invert_query.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dns_long_domainname.pcap.out b/test/results/collectd-stats/dns_long_domainname.pcap.out
index deb1a0bd5..ae3e5b7af 100644
--- a/test/results/collectd-stats/dns_long_domainname.pcap.out
+++ b/test/results/collectd-stats/dns_long_domainname.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/collectd-stats/dnscrypt-v1-and-resolver-pings.pcap.out
index 11b50681d..a88d8471e 100644
--- a/test/results/collectd-stats/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/test/results/collectd-stats/dnscrypt-v1-and-resolver-pings.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dnscrypt-v2-doh.pcap.out b/test/results/collectd-stats/dnscrypt-v2-doh.pcap.out
index f363c0a39..c09d2c535 100644
--- a/test/results/collectd-stats/dnscrypt-v2-doh.pcap.out
+++ b/test/results/collectd-stats/dnscrypt-v2-doh.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dnscrypt-v2.pcap.out b/test/results/collectd-stats/dnscrypt-v2.pcap.out
index 65abe11b6..0496be601 100644
--- a/test/results/collectd-stats/dnscrypt-v2.pcap.out
+++ b/test/results/collectd-stats/dnscrypt-v2.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dnscrypt_skype_false_positive.pcapng.out b/test/results/collectd-stats/dnscrypt_skype_false_positive.pcapng.out
index 30cbc32cf..c962c039b 100644
--- a/test/results/collectd-stats/dnscrypt_skype_false_positive.pcapng.out
+++ b/test/results/collectd-stats/dnscrypt_skype_false_positive.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/doq.pcapng.out b/test/results/collectd-stats/doq.pcapng.out
index 92f973774..551f42ca0 100644
--- a/test/results/collectd-stats/doq.pcapng.out
+++ b/test/results/collectd-stats/doq.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/doq_adguard.pcapng.out b/test/results/collectd-stats/doq_adguard.pcapng.out
index 1b90b3938..3b4488182 100644
--- a/test/results/collectd-stats/doq_adguard.pcapng.out
+++ b/test/results/collectd-stats/doq_adguard.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dos_win98_smb_netbeui.pcap.out b/test/results/collectd-stats/dos_win98_smb_netbeui.pcap.out
index dc6f43b31..b3b2bf9c1 100644
--- a/test/results/collectd-stats/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/collectd-stats/dos_win98_smb_netbeui.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/drda_db2.pcap.out b/test/results/collectd-stats/drda_db2.pcap.out
index 8a6e12097..747ed4a28 100644
--- a/test/results/collectd-stats/drda_db2.pcap.out
+++ b/test/results/collectd-stats/drda_db2.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dropbox.pcap.out b/test/results/collectd-stats/dropbox.pcap.out
index 2abaeece7..3aa12a8f9 100644
--- a/test/results/collectd-stats/dropbox.pcap.out
+++ b/test/results/collectd-stats/dropbox.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dtls.pcap.out b/test/results/collectd-stats/dtls.pcap.out
index 3f533c9b1..11d834987 100644
--- a/test/results/collectd-stats/dtls.pcap.out
+++ b/test/results/collectd-stats/dtls.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dtls2.pcap.out b/test/results/collectd-stats/dtls2.pcap.out
index 8e8fb8a4f..816e36940 100644
--- a/test/results/collectd-stats/dtls2.pcap.out
+++ b/test/results/collectd-stats/dtls2.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dtls_certificate.pcapng.out b/test/results/collectd-stats/dtls_certificate.pcapng.out
index eff4d948e..7049201bd 100644
--- a/test/results/collectd-stats/dtls_certificate.pcapng.out
+++ b/test/results/collectd-stats/dtls_certificate.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7065
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7526
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dtls_certificate_fragments.pcap.out b/test/results/collectd-stats/dtls_certificate_fragments.pcap.out
index bfc0e4dee..f29f74be7 100644
--- a/test/results/collectd-stats/dtls_certificate_fragments.pcap.out
+++ b/test/results/collectd-stats/dtls_certificate_fragments.pcap.out
@@ -1,26 +1,26 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:12321
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:24
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:28213
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:2162
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:2976
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:3051
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:6050
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
@@ -31,7 +31,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
@@ -41,7 +41,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0
@@ -55,11 +55,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0
@@ -89,14 +89,14 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0
@@ -105,7 +105,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dtls_mid_sessions.pcapng.out b/test/results/collectd-stats/dtls_mid_sessions.pcapng.out
index 0ad13878f..7bd58f53e 100644
--- a/test/results/collectd-stats/dtls_mid_sessions.pcapng.out
+++ b/test/results/collectd-stats/dtls_mid_sessions.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dtls_old_version.pcapng.out b/test/results/collectd-stats/dtls_old_version.pcapng.out
index 379909fe9..bc3a6b571 100644
--- a/test/results/collectd-stats/dtls_old_version.pcapng.out
+++ b/test/results/collectd-stats/dtls_old_version.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/dtls_session_id_and_coockie_both.pcap.out b/test/results/collectd-stats/dtls_session_id_and_coockie_both.pcap.out
index 764579c5b..ec1c3ff71 100644
--- a/test/results/collectd-stats/dtls_session_id_and_coockie_both.pcap.out
+++ b/test/results/collectd-stats/dtls_session_id_and_coockie_both.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/elasticsearch.pcap.out b/test/results/collectd-stats/elasticsearch.pcap.out
index 0aca69afa..b25a984f5 100644
--- a/test/results/collectd-stats/elasticsearch.pcap.out
+++ b/test/results/collectd-stats/elasticsearch.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/emotet.pcap.out b/test/results/collectd-stats/emotet.pcap.out
index b9c5f324d..9e1150c91 100644
--- a/test/results/collectd-stats/emotet.pcap.out
+++ b/test/results/collectd-stats/emotet.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/encrypted_sni.pcap.out b/test/results/collectd-stats/encrypted_sni.pcap.out
index ac6b4b5e4..1f737f604 100644
--- a/test/results/collectd-stats/encrypted_sni.pcap.out
+++ b/test/results/collectd-stats/encrypted_sni.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/esp.pcapng.out b/test/results/collectd-stats/esp.pcapng.out
index fa1d57080..7da676848 100644
--- a/test/results/collectd-stats/esp.pcapng.out
+++ b/test/results/collectd-stats/esp.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ethereum.pcap.out b/test/results/collectd-stats/ethereum.pcap.out
index 39bd0df00..c61dd0df4 100644
--- a/test/results/collectd-stats/ethereum.pcap.out
+++ b/test/results/collectd-stats/ethereum.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ethernetIP.pcap.out b/test/results/collectd-stats/ethernetIP.pcap.out
index b21ad0801..367539b23 100644
--- a/test/results/collectd-stats/ethernetIP.pcap.out
+++ b/test/results/collectd-stats/ethernetIP.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/exe_download.pcap.out b/test/results/collectd-stats/exe_download.pcap.out
index d00457210..2949d04e0 100644
--- a/test/results/collectd-stats/exe_download.pcap.out
+++ b/test/results/collectd-stats/exe_download.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/exe_download_as_png.pcap.out b/test/results/collectd-stats/exe_download_as_png.pcap.out
index 1d92adcd1..f926ad607 100644
--- a/test/results/collectd-stats/exe_download_as_png.pcap.out
+++ b/test/results/collectd-stats/exe_download_as_png.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/facebook.pcap.out b/test/results/collectd-stats/facebook.pcap.out
index c287b634b..089c5b762 100644
--- a/test/results/collectd-stats/facebook.pcap.out
+++ b/test/results/collectd-stats/facebook.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/fastcgi.pcap.out b/test/results/collectd-stats/fastcgi.pcap.out
index b5bd87b42..684388823 100644
--- a/test/results/collectd-stats/fastcgi.pcap.out
+++ b/test/results/collectd-stats/fastcgi.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/firefox.pcap.out b/test/results/collectd-stats/firefox.pcap.out
index 4b82d8814..b89dd1f7e 100644
--- a/test/results/collectd-stats/firefox.pcap.out
+++ b/test/results/collectd-stats/firefox.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/fix.pcap.out b/test/results/collectd-stats/fix.pcap.out
index d95b2ab13..0cf4a3923 100644
--- a/test/results/collectd-stats/fix.pcap.out
+++ b/test/results/collectd-stats/fix.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/fix2.pcap.out b/test/results/collectd-stats/fix2.pcap.out
index 03811b987..4658177d9 100644
--- a/test/results/collectd-stats/fix2.pcap.out
+++ b/test/results/collectd-stats/fix2.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/forticlient.pcap.out b/test/results/collectd-stats/forticlient.pcap.out
index ce6f9b9e7..94cadc858 100644
--- a/test/results/collectd-stats/forticlient.pcap.out
+++ b/test/results/collectd-stats/forticlient.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ftp-start-tls.pcap.out b/test/results/collectd-stats/ftp-start-tls.pcap.out
index d2e2ad90e..0af3bb6f9 100644
--- a/test/results/collectd-stats/ftp-start-tls.pcap.out
+++ b/test/results/collectd-stats/ftp-start-tls.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ftp.pcap.out b/test/results/collectd-stats/ftp.pcap.out
index ffcccdcd1..3cda9d45a 100644
--- a/test/results/collectd-stats/ftp.pcap.out
+++ b/test/results/collectd-stats/ftp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ftp_failed.pcap.out b/test/results/collectd-stats/ftp_failed.pcap.out
index c9665ad99..bec9d20c9 100644
--- a/test/results/collectd-stats/ftp_failed.pcap.out
+++ b/test/results/collectd-stats/ftp_failed.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/fuzz-2006-06-26-2594.pcap.out b/test/results/collectd-stats/fuzz-2006-06-26-2594.pcap.out
index b7fe35f99..770761e5e 100644
--- a/test/results/collectd-stats/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/collectd-stats/fuzz-2006-06-26-2594.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:2117
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1685090
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1685032
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:257
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:255
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/fuzz-2006-09-29-28586.pcap.out b/test/results/collectd-stats/fuzz-2006-09-29-28586.pcap.out
index e6cd1fabc..fbe8b03d7 100644
--- a/test/results/collectd-stats/fuzz-2006-09-29-28586.pcap.out
+++ b/test/results/collectd-stats/fuzz-2006-09-29-28586.pcap.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:219
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:178052
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:220
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:180143
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:39
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:27
@@ -7,11 +7,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:23
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:14756
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:10874
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:82
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
@@ -19,7 +19,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:13
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:14
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
@@ -31,7 +31,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:13
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:14
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
@@ -92,8 +92,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/fuzz-2020-02-16-11740.pcap.out b/test/results/collectd-stats/fuzz-2020-02-16-11740.pcap.out
index 4fd16d876..249e79ef1 100644
--- a/test/results/collectd-stats/fuzz-2020-02-16-11740.pcap.out
+++ b/test/results/collectd-stats/fuzz-2020-02-16-11740.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/collectd-stats/fuzz-2021-06-07-c6c72a0a56.pcap.out
index 976b4a103..4eaaf4192 100644
--- a/test/results/collectd-stats/fuzz-2021-06-07-c6c72a0a56.pcap.out
+++ b/test/results/collectd-stats/fuzz-2021-06-07-c6c72a0a56.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/fuzz-2021-10-13.pcap.out b/test/results/collectd-stats/fuzz-2021-10-13.pcap.out
index 99eb630e7..22b2b044f 100644
--- a/test/results/collectd-stats/fuzz-2021-10-13.pcap.out
+++ b/test/results/collectd-stats/fuzz-2021-10-13.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/genshin-impact.pcap.out b/test/results/collectd-stats/genshin-impact.pcap.out
index eed354bcb..2f390adab 100644
--- a/test/results/collectd-stats/genshin-impact.pcap.out
+++ b/test/results/collectd-stats/genshin-impact.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/git.pcap.out b/test/results/collectd-stats/git.pcap.out
index 0fd126349..6818fdd48 100644
--- a/test/results/collectd-stats/git.pcap.out
+++ b/test/results/collectd-stats/git.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/gnutella.pcap.out b/test/results/collectd-stats/gnutella.pcap.out
index 8beaa10e3..059777c2a 100644
--- a/test/results/collectd-stats/gnutella.pcap.out
+++ b/test/results/collectd-stats/gnutella.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/google_ssl.pcap.out b/test/results/collectd-stats/google_ssl.pcap.out
index 57c5b1a72..a4bb3a3ca 100644
--- a/test/results/collectd-stats/google_ssl.pcap.out
+++ b/test/results/collectd-stats/google_ssl.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/googledns_android10.pcap.out b/test/results/collectd-stats/googledns_android10.pcap.out
index a43499792..a030e67f5 100644
--- a/test/results/collectd-stats/googledns_android10.pcap.out
+++ b/test/results/collectd-stats/googledns_android10.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/gquic.pcap.out b/test/results/collectd-stats/gquic.pcap.out
index 7dcc09b36..07386c6de 100644
--- a/test/results/collectd-stats/gquic.pcap.out
+++ b/test/results/collectd-stats/gquic.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/gre_no_options.pcapng.out b/test/results/collectd-stats/gre_no_options.pcapng.out
index 13346ce62..f23a8b00c 100644
--- a/test/results/collectd-stats/gre_no_options.pcapng.out
+++ b/test/results/collectd-stats/gre_no_options.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/gtp_c.pcap.out b/test/results/collectd-stats/gtp_c.pcap.out
index d2b466c5e..094aa61b9 100644
--- a/test/results/collectd-stats/gtp_c.pcap.out
+++ b/test/results/collectd-stats/gtp_c.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/gtp_false_positive.pcapng.out b/test/results/collectd-stats/gtp_false_positive.pcapng.out
index 218086be0..1fef0931c 100644
--- a/test/results/collectd-stats/gtp_false_positive.pcapng.out
+++ b/test/results/collectd-stats/gtp_false_positive.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/gtp_prime.pcapng.out b/test/results/collectd-stats/gtp_prime.pcapng.out
index 4a8de891a..fb1950e6c 100644
--- a/test/results/collectd-stats/gtp_prime.pcapng.out
+++ b/test/results/collectd-stats/gtp_prime.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/h323-overflow.pcap.out b/test/results/collectd-stats/h323-overflow.pcap.out
index f64c6bd46..6e29b1292 100644
--- a/test/results/collectd-stats/h323-overflow.pcap.out
+++ b/test/results/collectd-stats/h323-overflow.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/h323.pcap.out b/test/results/collectd-stats/h323.pcap.out
index 8ca8f03dd..c32ea3009 100644
--- a/test/results/collectd-stats/h323.pcap.out
+++ b/test/results/collectd-stats/h323.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/hangout.pcap.out b/test/results/collectd-stats/hangout.pcap.out
index 70db90402..ee5b296e6 100644
--- a/test/results/collectd-stats/hangout.pcap.out
+++ b/test/results/collectd-stats/hangout.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/hpvirtgrp.pcap.out b/test/results/collectd-stats/hpvirtgrp.pcap.out
index 0f3ec6ca6..272bc8763 100644
--- a/test/results/collectd-stats/hpvirtgrp.pcap.out
+++ b/test/results/collectd-stats/hpvirtgrp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/hsrp0.pcap.out b/test/results/collectd-stats/hsrp0.pcap.out
index 50fdc7d45..6f780be17 100644
--- a/test/results/collectd-stats/hsrp0.pcap.out
+++ b/test/results/collectd-stats/hsrp0.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/hsrp2.pcap.out b/test/results/collectd-stats/hsrp2.pcap.out
index a2860288f..b47b5c435 100644
--- a/test/results/collectd-stats/hsrp2.pcap.out
+++ b/test/results/collectd-stats/hsrp2.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/hsrp2_ipv6.pcapng.out b/test/results/collectd-stats/hsrp2_ipv6.pcapng.out
index af6154c62..233b289a3 100644
--- a/test/results/collectd-stats/hsrp2_ipv6.pcapng.out
+++ b/test/results/collectd-stats/hsrp2_ipv6.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/http-crash-content-disposition.pcap.out b/test/results/collectd-stats/http-crash-content-disposition.pcap.out
index 22b601f6b..5d694592f 100644
--- a/test/results/collectd-stats/http-crash-content-disposition.pcap.out
+++ b/test/results/collectd-stats/http-crash-content-disposition.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/http-lines-split.pcap.out b/test/results/collectd-stats/http-lines-split.pcap.out
index 2617ee1a9..bdaa615c5 100644
--- a/test/results/collectd-stats/http-lines-split.pcap.out
+++ b/test/results/collectd-stats/http-lines-split.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/http-manipulated.pcap.out b/test/results/collectd-stats/http-manipulated.pcap.out
index b7ba105f5..769b0a3c1 100644
--- a/test/results/collectd-stats/http-manipulated.pcap.out
+++ b/test/results/collectd-stats/http-manipulated.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/http-proxy.pcapng.out b/test/results/collectd-stats/http-proxy.pcapng.out
index afe258e0b..0253c9ac0 100644
--- a/test/results/collectd-stats/http-proxy.pcapng.out
+++ b/test/results/collectd-stats/http-proxy.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/http_auth.pcap.out b/test/results/collectd-stats/http_auth.pcap.out
index 91a9d14f8..abda7edc2 100644
--- a/test/results/collectd-stats/http_auth.pcap.out
+++ b/test/results/collectd-stats/http_auth.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/http_connect.pcap.out b/test/results/collectd-stats/http_connect.pcap.out
index c68735724..444f456f3 100644
--- a/test/results/collectd-stats/http_connect.pcap.out
+++ b/test/results/collectd-stats/http_connect.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/http_guessed_host_and_guessed.pcapng.out b/test/results/collectd-stats/http_guessed_host_and_guessed.pcapng.out
index 5d30941ad..ac5e71180 100644
--- a/test/results/collectd-stats/http_guessed_host_and_guessed.pcapng.out
+++ b/test/results/collectd-stats/http_guessed_host_and_guessed.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/http_ipv6.pcap.out b/test/results/collectd-stats/http_ipv6.pcap.out
index 5daa3690d..509e5f120 100644
--- a/test/results/collectd-stats/http_ipv6.pcap.out
+++ b/test/results/collectd-stats/http_ipv6.pcap.out
@@ -1,14 +1,14 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:115
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:97938
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:98015
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:15
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:6
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:10659
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:40534
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:4
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/http_on_sip_port.pcap.out b/test/results/collectd-stats/http_on_sip_port.pcap.out
index ec36fe933..8a22a9940 100644
--- a/test/results/collectd-stats/http_on_sip_port.pcap.out
+++ b/test/results/collectd-stats/http_on_sip_port.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/i3d.pcap.out b/test/results/collectd-stats/i3d.pcap.out
index 82820fd6a..b20174f74 100644
--- a/test/results/collectd-stats/i3d.pcap.out
+++ b/test/results/collectd-stats/i3d.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/iax.pcap.out b/test/results/collectd-stats/iax.pcap.out
index dfa386a7f..1dea89cc3 100644
--- a/test/results/collectd-stats/iax.pcap.out
+++ b/test/results/collectd-stats/iax.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/icmp-tunnel.pcap.out b/test/results/collectd-stats/icmp-tunnel.pcap.out
index f72cb24af..dedc9abc2 100644
--- a/test/results/collectd-stats/icmp-tunnel.pcap.out
+++ b/test/results/collectd-stats/icmp-tunnel.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/iec60780-5-104.pcap.out b/test/results/collectd-stats/iec60780-5-104.pcap.out
index e94f8082f..dc781b584 100644
--- a/test/results/collectd-stats/iec60780-5-104.pcap.out
+++ b/test/results/collectd-stats/iec60780-5-104.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/imap-starttls.pcap.out b/test/results/collectd-stats/imap-starttls.pcap.out
index 6559d053c..6028b7783 100644
--- a/test/results/collectd-stats/imap-starttls.pcap.out
+++ b/test/results/collectd-stats/imap-starttls.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/imap.pcap.out b/test/results/collectd-stats/imap.pcap.out
index b4283b055..11c0756e7 100644
--- a/test/results/collectd-stats/imap.pcap.out
+++ b/test/results/collectd-stats/imap.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/imaps.pcap.out b/test/results/collectd-stats/imaps.pcap.out
index e5c7d1de1..b3f49708d 100644
--- a/test/results/collectd-stats/imaps.pcap.out
+++ b/test/results/collectd-stats/imaps.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/imo.pcap.out b/test/results/collectd-stats/imo.pcap.out
index 7ccc2a2ee..782385e51 100644
--- a/test/results/collectd-stats/imo.pcap.out
+++ b/test/results/collectd-stats/imo.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/instagram.pcap.out b/test/results/collectd-stats/instagram.pcap.out
index 89c68e396..fcc796d5c 100644
--- a/test/results/collectd-stats/instagram.pcap.out
+++ b/test/results/collectd-stats/instagram.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ip_fragmented_garbage.pcap.out b/test/results/collectd-stats/ip_fragmented_garbage.pcap.out
index b59ec865b..e1367b9d6 100644
--- a/test/results/collectd-stats/ip_fragmented_garbage.pcap.out
+++ b/test/results/collectd-stats/ip_fragmented_garbage.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/iphone.pcap.out b/test/results/collectd-stats/iphone.pcap.out
index f1395d693..171d01f5d 100644
--- a/test/results/collectd-stats/iphone.pcap.out
+++ b/test/results/collectd-stats/iphone.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ipp.pcap.out b/test/results/collectd-stats/ipp.pcap.out
index 175657700..4900e8eb0 100644
--- a/test/results/collectd-stats/ipp.pcap.out
+++ b/test/results/collectd-stats/ipp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ipsec_isakmp_esp.pcap.out b/test/results/collectd-stats/ipsec_isakmp_esp.pcap.out
index 8d4e0ec4b..b06dc1cf5 100644
--- a/test/results/collectd-stats/ipsec_isakmp_esp.pcap.out
+++ b/test/results/collectd-stats/ipsec_isakmp_esp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ipv6_in_gtp.pcap.out b/test/results/collectd-stats/ipv6_in_gtp.pcap.out
index 9ee6a658d..226bfebec 100644
--- a/test/results/collectd-stats/ipv6_in_gtp.pcap.out
+++ b/test/results/collectd-stats/ipv6_in_gtp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/irc.pcap.out b/test/results/collectd-stats/irc.pcap.out
index c69693065..4ad16d5f2 100644
--- a/test/results/collectd-stats/irc.pcap.out
+++ b/test/results/collectd-stats/irc.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ja3_lots_of_cipher_suites.pcap.out b/test/results/collectd-stats/ja3_lots_of_cipher_suites.pcap.out
index 1f2f4be97..72b57be81 100644
--- a/test/results/collectd-stats/ja3_lots_of_cipher_suites.pcap.out
+++ b/test/results/collectd-stats/ja3_lots_of_cipher_suites.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/collectd-stats/ja3_lots_of_cipher_suites_2_anon.pcap.out
index f17150985..bca55d718 100644
--- a/test/results/collectd-stats/ja3_lots_of_cipher_suites_2_anon.pcap.out
+++ b/test/results/collectd-stats/ja3_lots_of_cipher_suites_2_anon.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/jabber.pcap.out b/test/results/collectd-stats/jabber.pcap.out
index cbe6baaa4..50c63d361 100644
--- a/test/results/collectd-stats/jabber.pcap.out
+++ b/test/results/collectd-stats/jabber.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/kerberos-error.pcap.out b/test/results/collectd-stats/kerberos-error.pcap.out
index 7bd0a2bf7..43070885e 100644
--- a/test/results/collectd-stats/kerberos-error.pcap.out
+++ b/test/results/collectd-stats/kerberos-error.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/kerberos-login.pcap.out b/test/results/collectd-stats/kerberos-login.pcap.out
index 69acaab96..b44ae6584 100644
--- a/test/results/collectd-stats/kerberos-login.pcap.out
+++ b/test/results/collectd-stats/kerberos-login.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/kerberos.pcap.out b/test/results/collectd-stats/kerberos.pcap.out
index c578b8d78..d3edf5d94 100644
--- a/test/results/collectd-stats/kerberos.pcap.out
+++ b/test/results/collectd-stats/kerberos.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/kerberos_fuzz.pcapng.out b/test/results/collectd-stats/kerberos_fuzz.pcapng.out
index 3a98990d9..0e701a7f1 100644
--- a/test/results/collectd-stats/kerberos_fuzz.pcapng.out
+++ b/test/results/collectd-stats/kerberos_fuzz.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/kismet.pcap.out b/test/results/collectd-stats/kismet.pcap.out
index 4b3eba1b5..ccf7a59bc 100644
--- a/test/results/collectd-stats/kismet.pcap.out
+++ b/test/results/collectd-stats/kismet.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/kontiki.pcap.out b/test/results/collectd-stats/kontiki.pcap.out
index f3258a070..1591fd167 100644
--- a/test/results/collectd-stats/kontiki.pcap.out
+++ b/test/results/collectd-stats/kontiki.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:48
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:36927
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:36881
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:8
@@ -9,8 +9,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:2
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:7989
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:3708441
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:2261
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:33151
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:20
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/line.pcap.out b/test/results/collectd-stats/line.pcap.out
index 962c8e3ee..814b04608 100644
--- a/test/results/collectd-stats/line.pcap.out
+++ b/test/results/collectd-stats/line.pcap.out
@@ -1,16 +1,16 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:52
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:51321
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:51
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:50308
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:4
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:9470648
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:9804815
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:25568
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:23936
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:25
@@ -19,7 +19,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
@@ -36,7 +36,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:3
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/lisp_registration.pcap.out b/test/results/collectd-stats/lisp_registration.pcap.out
index f335080f5..fcf1bddf4 100644
--- a/test/results/collectd-stats/lisp_registration.pcap.out
+++ b/test/results/collectd-stats/lisp_registration.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/log4j-webapp-exploit.pcap.out b/test/results/collectd-stats/log4j-webapp-exploit.pcap.out
index e70dc8530..28edc0dcc 100644
--- a/test/results/collectd-stats/log4j-webapp-exploit.pcap.out
+++ b/test/results/collectd-stats/log4j-webapp-exploit.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/long_tls_certificate.pcap.out b/test/results/collectd-stats/long_tls_certificate.pcap.out
index 8b9af05c7..72f044b80 100644
--- a/test/results/collectd-stats/long_tls_certificate.pcap.out
+++ b/test/results/collectd-stats/long_tls_certificate.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/lru_ipv6_caches.pcapng.out b/test/results/collectd-stats/lru_ipv6_caches.pcapng.out
new file mode 100644
index 000000000..8b439acff
--- /dev/null
+++ b/test/results/collectd-stats/lru_ipv6_caches.pcapng.out
@@ -0,0 +1,133 @@
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:83
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:76599
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:12
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:12
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:3
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:14408
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:846
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:41
+PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:6
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:3
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:12
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:3
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:9
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_0_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/malformed_dns.pcap.out b/test/results/collectd-stats/malformed_dns.pcap.out
index 0efb6b9d5..604cbdfd3 100644
--- a/test/results/collectd-stats/malformed_dns.pcap.out
+++ b/test/results/collectd-stats/malformed_dns.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14829
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14833
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/malformed_icmp.pcap.out b/test/results/collectd-stats/malformed_icmp.pcap.out
index b4ff948cd..6334874ef 100644
--- a/test/results/collectd-stats/malformed_icmp.pcap.out
+++ b/test/results/collectd-stats/malformed_icmp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/malware.pcap.out b/test/results/collectd-stats/malware.pcap.out
index fbd26aaca..5fcb460eb 100644
--- a/test/results/collectd-stats/malware.pcap.out
+++ b/test/results/collectd-stats/malware.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/memcached.cap.out b/test/results/collectd-stats/memcached.cap.out
index 753e7da2b..7a2dc27ff 100644
--- a/test/results/collectd-stats/memcached.cap.out
+++ b/test/results/collectd-stats/memcached.cap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/mgcp.pcapng.out b/test/results/collectd-stats/mgcp.pcapng.out
index 058463100..1cb28f0a5 100644
--- a/test/results/collectd-stats/mgcp.pcapng.out
+++ b/test/results/collectd-stats/mgcp.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/modbus.pcap.out b/test/results/collectd-stats/modbus.pcap.out
index b486cc460..c8d611d52 100644
--- a/test/results/collectd-stats/modbus.pcap.out
+++ b/test/results/collectd-stats/modbus.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/monero.pcap.out b/test/results/collectd-stats/monero.pcap.out
index df1c4b00c..866881deb 100644
--- a/test/results/collectd-stats/monero.pcap.out
+++ b/test/results/collectd-stats/monero.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/mongo_false_positive.pcapng.out b/test/results/collectd-stats/mongo_false_positive.pcapng.out
index bf3303466..a24a6f94d 100644
--- a/test/results/collectd-stats/mongo_false_positive.pcapng.out
+++ b/test/results/collectd-stats/mongo_false_positive.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/mongodb.pcap.out b/test/results/collectd-stats/mongodb.pcap.out
index d2d69c4a1..dc7b9461b 100644
--- a/test/results/collectd-stats/mongodb.pcap.out
+++ b/test/results/collectd-stats/mongodb.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/mpeg-dash.pcap.out b/test/results/collectd-stats/mpeg-dash.pcap.out
index 8696d0373..183b699a5 100644
--- a/test/results/collectd-stats/mpeg-dash.pcap.out
+++ b/test/results/collectd-stats/mpeg-dash.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:30
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:26116
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:26376
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:4
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:2220
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1591
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
@@ -92,7 +92,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/mpeg.pcap.out b/test/results/collectd-stats/mpeg.pcap.out
index f5740d325..1efde8044 100644
--- a/test/results/collectd-stats/mpeg.pcap.out
+++ b/test/results/collectd-stats/mpeg.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/mpegts.pcap.out b/test/results/collectd-stats/mpegts.pcap.out
index 1c1146545..5d475eb0e 100644
--- a/test/results/collectd-stats/mpegts.pcap.out
+++ b/test/results/collectd-stats/mpegts.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/mqtt.pcap.out b/test/results/collectd-stats/mqtt.pcap.out
index bed8a1197..e50f5f13d 100644
--- a/test/results/collectd-stats/mqtt.pcap.out
+++ b/test/results/collectd-stats/mqtt.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/mssql_tds.pcap.out b/test/results/collectd-stats/mssql_tds.pcap.out
index 1866f511c..59fcd3767 100644
--- a/test/results/collectd-stats/mssql_tds.pcap.out
+++ b/test/results/collectd-stats/mssql_tds.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/munin.pcap.out b/test/results/collectd-stats/munin.pcap.out
index fd9282b40..c9fef8ab6 100644
--- a/test/results/collectd-stats/munin.pcap.out
+++ b/test/results/collectd-stats/munin.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/mysql-8.pcap.out b/test/results/collectd-stats/mysql-8.pcap.out
index 944f4fbe8..20cb8f9b5 100644
--- a/test/results/collectd-stats/mysql-8.pcap.out
+++ b/test/results/collectd-stats/mysql-8.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/natpmp.pcap.out b/test/results/collectd-stats/natpmp.pcap.out
index febc34673..a074eb673 100644
--- a/test/results/collectd-stats/natpmp.pcap.out
+++ b/test/results/collectd-stats/natpmp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/nats.pcap.out b/test/results/collectd-stats/nats.pcap.out
index 3c6bcfc26..6952dbfe1 100644
--- a/test/results/collectd-stats/nats.pcap.out
+++ b/test/results/collectd-stats/nats.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/collectd-stats/ndpi_match_string_subprotocol__error.pcapng.out
index 4b28bd8dc..ef3380a99 100644
--- a/test/results/collectd-stats/ndpi_match_string_subprotocol__error.pcapng.out
+++ b/test/results/collectd-stats/ndpi_match_string_subprotocol__error.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/nest_log_sink.pcap.out b/test/results/collectd-stats/nest_log_sink.pcap.out
index 714d05aa8..9d9bb0c05 100644
--- a/test/results/collectd-stats/nest_log_sink.pcap.out
+++ b/test/results/collectd-stats/nest_log_sink.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/netbios.pcap.out b/test/results/collectd-stats/netbios.pcap.out
index 810fa4a74..3316b5f42 100644
--- a/test/results/collectd-stats/netbios.pcap.out
+++ b/test/results/collectd-stats/netbios.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/netbios_wildcard_dns_query.pcap.out b/test/results/collectd-stats/netbios_wildcard_dns_query.pcap.out
index 80f214253..abfe09c85 100644
--- a/test/results/collectd-stats/netbios_wildcard_dns_query.pcap.out
+++ b/test/results/collectd-stats/netbios_wildcard_dns_query.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/netflix.pcap.out b/test/results/collectd-stats/netflix.pcap.out
index a6a5daf34..5462e90c7 100644
--- a/test/results/collectd-stats/netflix.pcap.out
+++ b/test/results/collectd-stats/netflix.pcap.out
@@ -1,16 +1,16 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:559
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:537933
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:554
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:527720
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:61
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:40
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:36
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:35
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:26
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:9
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:32
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:60
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:61
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:197691
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:5489166
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:183951
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1082912
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:31
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:266
@@ -20,7 +20,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:26
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:105
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:104
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
@@ -40,7 +40,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:36
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:35
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/netflow-fritz.pcap.out b/test/results/collectd-stats/netflow-fritz.pcap.out
index a0a2b2ad2..2c0fbf3bb 100644
--- a/test/results/collectd-stats/netflow-fritz.pcap.out
+++ b/test/results/collectd-stats/netflow-fritz.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/netflowv9.pcap.out b/test/results/collectd-stats/netflowv9.pcap.out
index 7a3b84a9a..f99b6621a 100644
--- a/test/results/collectd-stats/netflowv9.pcap.out
+++ b/test/results/collectd-stats/netflowv9.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/nfsv2.pcap.out b/test/results/collectd-stats/nfsv2.pcap.out
index ebdee0d0a..6b75b3d0b 100644
--- a/test/results/collectd-stats/nfsv2.pcap.out
+++ b/test/results/collectd-stats/nfsv2.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/nfsv3.pcap.out b/test/results/collectd-stats/nfsv3.pcap.out
index 9e795698e..4df8f6dd6 100644
--- a/test/results/collectd-stats/nfsv3.pcap.out
+++ b/test/results/collectd-stats/nfsv3.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/nintendo.pcap.out b/test/results/collectd-stats/nintendo.pcap.out
index 525ff6da5..2d38b831b 100644
--- a/test/results/collectd-stats/nintendo.pcap.out
+++ b/test/results/collectd-stats/nintendo.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/nntp.pcap.out b/test/results/collectd-stats/nntp.pcap.out
index 95686b9ff..7cb7849fa 100644
--- a/test/results/collectd-stats/nntp.pcap.out
+++ b/test/results/collectd-stats/nntp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/no_sni.pcap.out b/test/results/collectd-stats/no_sni.pcap.out
index 9391b9a5a..fe2f059b9 100644
--- a/test/results/collectd-stats/no_sni.pcap.out
+++ b/test/results/collectd-stats/no_sni.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ocs.pcap.out b/test/results/collectd-stats/ocs.pcap.out
index 2f25b009c..c9a74ebae 100644
--- a/test/results/collectd-stats/ocs.pcap.out
+++ b/test/results/collectd-stats/ocs.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ocsp.pcapng.out b/test/results/collectd-stats/ocsp.pcapng.out
index 57892f163..76139c661 100644
--- a/test/results/collectd-stats/ocsp.pcapng.out
+++ b/test/results/collectd-stats/ocsp.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ookla.pcap.out b/test/results/collectd-stats/ookla.pcap.out
index e78f1288b..b163596a9 100644
--- a/test/results/collectd-stats/ookla.pcap.out
+++ b/test/results/collectd-stats/ookla.pcap.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14737
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:21
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15948
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0
@@ -7,18 +7,18 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:885186
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:3463927
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
@@ -40,7 +40,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
@@ -92,7 +92,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/openvpn.pcap.out b/test/results/collectd-stats/openvpn.pcap.out
index 92778bb90..aca48b250 100644
--- a/test/results/collectd-stats/openvpn.pcap.out
+++ b/test/results/collectd-stats/openvpn.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/oracle12.pcapng.out b/test/results/collectd-stats/oracle12.pcapng.out
index 3857136a0..cedc9b701 100644
--- a/test/results/collectd-stats/oracle12.pcapng.out
+++ b/test/results/collectd-stats/oracle12.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/os_detected.pcapng.out b/test/results/collectd-stats/os_detected.pcapng.out
index 02298fa42..1a500e72e 100644
--- a/test/results/collectd-stats/os_detected.pcapng.out
+++ b/test/results/collectd-stats/os_detected.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ospfv2_add_new_prefix.pcap.out b/test/results/collectd-stats/ospfv2_add_new_prefix.pcap.out
index c2b903040..a9843e0ec 100644
--- a/test/results/collectd-stats/ospfv2_add_new_prefix.pcap.out
+++ b/test/results/collectd-stats/ospfv2_add_new_prefix.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/pgm.pcap.out b/test/results/collectd-stats/pgm.pcap.out
index a4e5702ce..fd714720f 100644
--- a/test/results/collectd-stats/pgm.pcap.out
+++ b/test/results/collectd-stats/pgm.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/pgsql.pcap.out b/test/results/collectd-stats/pgsql.pcap.out
index 707073813..f6e524826 100644
--- a/test/results/collectd-stats/pgsql.pcap.out
+++ b/test/results/collectd-stats/pgsql.pcap.out
@@ -1,25 +1,25 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:12162
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:52
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:33675
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:6
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:3
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:801
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1302
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1157
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1836
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:30
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
@@ -37,7 +37,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0
@@ -55,10 +55,10 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/pim.pcap.out b/test/results/collectd-stats/pim.pcap.out
index d8c8d81c4..eb194a0ed 100644
--- a/test/results/collectd-stats/pim.pcap.out
+++ b/test/results/collectd-stats/pim.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/pinterest.pcap.out b/test/results/collectd-stats/pinterest.pcap.out
index 08f292ef3..0755b50c8 100644
--- a/test/results/collectd-stats/pinterest.pcap.out
+++ b/test/results/collectd-stats/pinterest.pcap.out
@@ -1,16 +1,16 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:303
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:304982
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:302
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:302360
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:37
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:32
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:16
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:15
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:16
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:21
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:36
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:114664
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:26375679
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:32739
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:611338
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:137
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/pluralsight.pcap.out b/test/results/collectd-stats/pluralsight.pcap.out
index 583e2c56b..f0f4a8338 100644
--- a/test/results/collectd-stats/pluralsight.pcap.out
+++ b/test/results/collectd-stats/pluralsight.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/pop3.pcap.out b/test/results/collectd-stats/pop3.pcap.out
index 4bb3cf5f5..54126901b 100644
--- a/test/results/collectd-stats/pop3.pcap.out
+++ b/test/results/collectd-stats/pop3.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/pop3_stls.pcap.out b/test/results/collectd-stats/pop3_stls.pcap.out
index 00693d1d3..7abfd270d 100644
--- a/test/results/collectd-stats/pop3_stls.pcap.out
+++ b/test/results/collectd-stats/pop3_stls.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/pops.pcapng.out b/test/results/collectd-stats/pops.pcapng.out
index 589036d5a..1050f8cdd 100644
--- a/test/results/collectd-stats/pops.pcapng.out
+++ b/test/results/collectd-stats/pops.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/pps.pcap.out b/test/results/collectd-stats/pps.pcap.out
index 76eb050bd..76a04a5d2 100644
--- a/test/results/collectd-stats/pps.pcap.out
+++ b/test/results/collectd-stats/pps.pcap.out
@@ -1,17 +1,17 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:657
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:628956
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:631727
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:107
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:103
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:35
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:2
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:71
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:76
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:2
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:34
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:29
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:248444
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1872658
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:288
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
@@ -20,7 +20,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:58
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:15
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:25
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
@@ -43,7 +43,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:34
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:44
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:11
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0
@@ -92,7 +92,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/pptp.pcap.out b/test/results/collectd-stats/pptp.pcap.out
index cede8eb02..eeb677993 100644
--- a/test/results/collectd-stats/pptp.pcap.out
+++ b/test/results/collectd-stats/pptp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/psiphon3.pcap.out b/test/results/collectd-stats/psiphon3.pcap.out
index e8fef3201..b7aac841b 100644
--- a/test/results/collectd-stats/psiphon3.pcap.out
+++ b/test/results/collectd-stats/psiphon3.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/punycode-idn.pcap.out b/test/results/collectd-stats/punycode-idn.pcap.out
index 6dd6c653f..eb13ef2ac 100644
--- a/test/results/collectd-stats/punycode-idn.pcap.out
+++ b/test/results/collectd-stats/punycode-idn.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-23.pcap.out b/test/results/collectd-stats/quic-23.pcap.out
index 29a2eb192..e6d269ff6 100644
--- a/test/results/collectd-stats/quic-23.pcap.out
+++ b/test/results/collectd-stats/quic-23.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-24.pcap.out b/test/results/collectd-stats/quic-24.pcap.out
index 9a18b97f8..af4d020a5 100644
--- a/test/results/collectd-stats/quic-24.pcap.out
+++ b/test/results/collectd-stats/quic-24.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-27.pcap.out b/test/results/collectd-stats/quic-27.pcap.out
index f49d97ea7..72888ad71 100644
--- a/test/results/collectd-stats/quic-27.pcap.out
+++ b/test/results/collectd-stats/quic-27.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-28.pcap.out b/test/results/collectd-stats/quic-28.pcap.out
index 659a80dec..7bbda3fbd 100644
--- a/test/results/collectd-stats/quic-28.pcap.out
+++ b/test/results/collectd-stats/quic-28.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-29.pcap.out b/test/results/collectd-stats/quic-29.pcap.out
index 62ccd3ce4..f4cb5bdbb 100644
--- a/test/results/collectd-stats/quic-29.pcap.out
+++ b/test/results/collectd-stats/quic-29.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-33.pcapng.out b/test/results/collectd-stats/quic-33.pcapng.out
index 41e10a10c..b88813f7e 100644
--- a/test/results/collectd-stats/quic-33.pcapng.out
+++ b/test/results/collectd-stats/quic-33.pcapng.out
@@ -1,16 +1,16 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:16353
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13977
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:8598
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1270620
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1432
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:3470
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-34.pcap.out b/test/results/collectd-stats/quic-34.pcap.out
index 3ce04e52e..ca5d10fb2 100644
--- a/test/results/collectd-stats/quic-34.pcap.out
+++ b/test/results/collectd-stats/quic-34.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-fuzz-overflow.pcapng.out b/test/results/collectd-stats/quic-fuzz-overflow.pcapng.out
index f25a6c226..8856cf845 100644
--- a/test/results/collectd-stats/quic-fuzz-overflow.pcapng.out
+++ b/test/results/collectd-stats/quic-fuzz-overflow.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-mvfst-22.pcap.out b/test/results/collectd-stats/quic-mvfst-22.pcap.out
index 4b9d77281..597760d14 100644
--- a/test/results/collectd-stats/quic-mvfst-22.pcap.out
+++ b/test/results/collectd-stats/quic-mvfst-22.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-mvfst-22_decryption_error.pcap.out b/test/results/collectd-stats/quic-mvfst-22_decryption_error.pcap.out
index 7506a3a60..5601dea8b 100644
--- a/test/results/collectd-stats/quic-mvfst-22_decryption_error.pcap.out
+++ b/test/results/collectd-stats/quic-mvfst-22_decryption_error.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-mvfst-27.pcapng.out b/test/results/collectd-stats/quic-mvfst-27.pcapng.out
index 6eec44885..d99d6442b 100644
--- a/test/results/collectd-stats/quic-mvfst-27.pcapng.out
+++ b/test/results/collectd-stats/quic-mvfst-27.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-mvfst-exp.pcap.out b/test/results/collectd-stats/quic-mvfst-exp.pcap.out
index 1133c800a..19c87bab5 100644
--- a/test/results/collectd-stats/quic-mvfst-exp.pcap.out
+++ b/test/results/collectd-stats/quic-mvfst-exp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic-v2-01.pcapng.out b/test/results/collectd-stats/quic-v2-01.pcapng.out
index 70a1ee908..26ce12444 100644
--- a/test/results/collectd-stats/quic-v2-01.pcapng.out
+++ b/test/results/collectd-stats/quic-v2-01.pcapng.out
@@ -1,16 +1,16 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:16831
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14456
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:5301
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1267919
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:3333
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:3910
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic.pcap.out b/test/results/collectd-stats/quic.pcap.out
index 133fdbd96..25a0f2fec 100644
--- a/test/results/collectd-stats/quic.pcap.out
+++ b/test/results/collectd-stats/quic.pcap.out
@@ -1,14 +1,14 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:80
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:112565
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:112642
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:2
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:41643
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:285405
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic046.pcap.out b/test/results/collectd-stats/quic046.pcap.out
index 15e6b29ca..f123e2e81 100644
--- a/test/results/collectd-stats/quic046.pcap.out
+++ b/test/results/collectd-stats/quic046.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_0RTT.pcap.out b/test/results/collectd-stats/quic_0RTT.pcap.out
index 4e9c16788..63604fc8a 100644
--- a/test/results/collectd-stats/quic_0RTT.pcap.out
+++ b/test/results/collectd-stats/quic_0RTT.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_crypto_aes_auth_size.pcap.out b/test/results/collectd-stats/quic_crypto_aes_auth_size.pcap.out
index 974fd885f..96dac19ca 100644
--- a/test/results/collectd-stats/quic_crypto_aes_auth_size.pcap.out
+++ b/test/results/collectd-stats/quic_crypto_aes_auth_size.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/collectd-stats/quic_frags_ch_in_multiple_packets.pcapng.out
index bf59bde5c..5fa02a6a8 100644
--- a/test/results/collectd-stats/quic_frags_ch_in_multiple_packets.pcapng.out
+++ b/test/results/collectd-stats/quic_frags_ch_in_multiple_packets.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/collectd-stats/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
index 778ab9802..956fd3039 100644
--- a/test/results/collectd-stats/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
+++ b/test/results/collectd-stats/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_interop_V.pcapng.out b/test/results/collectd-stats/quic_interop_V.pcapng.out
index 9ec9f2de7..458e3be50 100644
--- a/test/results/collectd-stats/quic_interop_V.pcapng.out
+++ b/test/results/collectd-stats/quic_interop_V.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_q39.pcap.out b/test/results/collectd-stats/quic_q39.pcap.out
index 8e32a3eda..631e2f0df 100644
--- a/test/results/collectd-stats/quic_q39.pcap.out
+++ b/test/results/collectd-stats/quic_q39.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_q43.pcap.out b/test/results/collectd-stats/quic_q43.pcap.out
index c59532f8d..2be31c35e 100644
--- a/test/results/collectd-stats/quic_q43.pcap.out
+++ b/test/results/collectd-stats/quic_q43.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_q46.pcap.out b/test/results/collectd-stats/quic_q46.pcap.out
index eec3b6436..f5af6aedc 100644
--- a/test/results/collectd-stats/quic_q46.pcap.out
+++ b/test/results/collectd-stats/quic_q46.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_q46_b.pcap.out b/test/results/collectd-stats/quic_q46_b.pcap.out
index c7192b454..8dffde86f 100644
--- a/test/results/collectd-stats/quic_q46_b.pcap.out
+++ b/test/results/collectd-stats/quic_q46_b.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_q50.pcap.out b/test/results/collectd-stats/quic_q50.pcap.out
index 6a64947a1..65a5b0dee 100644
--- a/test/results/collectd-stats/quic_q50.pcap.out
+++ b/test/results/collectd-stats/quic_q50.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_t50.pcap.out b/test/results/collectd-stats/quic_t50.pcap.out
index e996806ee..69ea2aadd 100644
--- a/test/results/collectd-stats/quic_t50.pcap.out
+++ b/test/results/collectd-stats/quic_t50.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quic_t51.pcap.out b/test/results/collectd-stats/quic_t51.pcap.out
index b2a0e9a1e..c56232e97 100644
--- a/test/results/collectd-stats/quic_t51.pcap.out
+++ b/test/results/collectd-stats/quic_t51.pcap.out
@@ -1,16 +1,16 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:19386
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:16177
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:21835
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:524919
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:2888
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:5904
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5
@@ -19,7 +19,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
@@ -31,7 +31,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/quickplay.pcap.out b/test/results/collectd-stats/quickplay.pcap.out
index f5924e321..6ebf0c2ab 100644
--- a/test/results/collectd-stats/quickplay.pcap.out
+++ b/test/results/collectd-stats/quickplay.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/radius_false_positive.pcapng.out b/test/results/collectd-stats/radius_false_positive.pcapng.out
index 7c4d27011..feef5cbcd 100644
--- a/test/results/collectd-stats/radius_false_positive.pcapng.out
+++ b/test/results/collectd-stats/radius_false_positive.pcapng.out
@@ -1,14 +1,14 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:10827
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:10904
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:6859
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/raknet.pcap.out b/test/results/collectd-stats/raknet.pcap.out
index 7444a36c0..817dfa78a 100644
--- a/test/results/collectd-stats/raknet.pcap.out
+++ b/test/results/collectd-stats/raknet.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/rdp.pcap.out b/test/results/collectd-stats/rdp.pcap.out
index 7935686d6..12d82d46f 100644
--- a/test/results/collectd-stats/rdp.pcap.out
+++ b/test/results/collectd-stats/rdp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/reasm_crash_anon.pcapng.out b/test/results/collectd-stats/reasm_crash_anon.pcapng.out
index a59237370..3c506d331 100644
--- a/test/results/collectd-stats/reasm_crash_anon.pcapng.out
+++ b/test/results/collectd-stats/reasm_crash_anon.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/reasm_segv_anon.pcapng.out b/test/results/collectd-stats/reasm_segv_anon.pcapng.out
index 5b9d00864..991fdb242 100644
--- a/test/results/collectd-stats/reasm_segv_anon.pcapng.out
+++ b/test/results/collectd-stats/reasm_segv_anon.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/reddit.pcap.out b/test/results/collectd-stats/reddit.pcap.out
index 200a4259e..0c74469a9 100644
--- a/test/results/collectd-stats/reddit.pcap.out
+++ b/test/results/collectd-stats/reddit.pcap.out
@@ -1,16 +1,16 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:603
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:572939
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:599
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:564376
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:60
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:23
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:37
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:28
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:25
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:59
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:94
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:93
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:236469
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:10336954
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:218262
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1975447
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:298
@@ -20,7 +20,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:17
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:54
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:82
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:81
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
@@ -32,7 +32,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:51
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:76
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:75
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/riotgames.pcap.out b/test/results/collectd-stats/riotgames.pcap.out
index f1b72a9f7..26c29f1ec 100644
--- a/test/results/collectd-stats/riotgames.pcap.out
+++ b/test/results/collectd-stats/riotgames.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/rsh-syslog-false-positive.pcap.out b/test/results/collectd-stats/rsh-syslog-false-positive.pcap.out
index e51e68771..17a9d841b 100644
--- a/test/results/collectd-stats/rsh-syslog-false-positive.pcap.out
+++ b/test/results/collectd-stats/rsh-syslog-false-positive.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/rsh.pcap.out b/test/results/collectd-stats/rsh.pcap.out
index fe0b0db3e..00700000c 100644
--- a/test/results/collectd-stats/rsh.pcap.out
+++ b/test/results/collectd-stats/rsh.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/rsync.pcap.out b/test/results/collectd-stats/rsync.pcap.out
index 7ad9271c0..bdc4547bc 100644
--- a/test/results/collectd-stats/rsync.pcap.out
+++ b/test/results/collectd-stats/rsync.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/rtmp.pcap.out b/test/results/collectd-stats/rtmp.pcap.out
index 84a8b6b6a..89cc3e2e6 100644
--- a/test/results/collectd-stats/rtmp.pcap.out
+++ b/test/results/collectd-stats/rtmp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/rtsp.pcap.out b/test/results/collectd-stats/rtsp.pcap.out
index b280c4f3d..f57ff12e6 100644
--- a/test/results/collectd-stats/rtsp.pcap.out
+++ b/test/results/collectd-stats/rtsp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/rtsp_setup_http.pcapng.out b/test/results/collectd-stats/rtsp_setup_http.pcapng.out
index f74338283..0f1dc3309 100644
--- a/test/results/collectd-stats/rtsp_setup_http.pcapng.out
+++ b/test/results/collectd-stats/rtsp_setup_http.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/rx.pcap.out b/test/results/collectd-stats/rx.pcap.out
index 046340c3e..66ca39dca 100644
--- a/test/results/collectd-stats/rx.pcap.out
+++ b/test/results/collectd-stats/rx.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/s7comm.pcap.out b/test/results/collectd-stats/s7comm.pcap.out
index a679cc460..078b05082 100644
--- a/test/results/collectd-stats/s7comm.pcap.out
+++ b/test/results/collectd-stats/s7comm.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/safari.pcap.out b/test/results/collectd-stats/safari.pcap.out
index 58fb5894a..a8ec05349 100644
--- a/test/results/collectd-stats/safari.pcap.out
+++ b/test/results/collectd-stats/safari.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/salesforce.pcap.out b/test/results/collectd-stats/salesforce.pcap.out
index de5a518a8..4574f7fb8 100644
--- a/test/results/collectd-stats/salesforce.pcap.out
+++ b/test/results/collectd-stats/salesforce.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/sccp_hw_conf_register.pcapng.out b/test/results/collectd-stats/sccp_hw_conf_register.pcapng.out
index c4b111040..3c4e0b2a3 100644
--- a/test/results/collectd-stats/sccp_hw_conf_register.pcapng.out
+++ b/test/results/collectd-stats/sccp_hw_conf_register.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/sctp.cap.out b/test/results/collectd-stats/sctp.cap.out
index fef8565a2..8894fa8d6 100644
--- a/test/results/collectd-stats/sctp.cap.out
+++ b/test/results/collectd-stats/sctp.cap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/selfsigned.pcap.out b/test/results/collectd-stats/selfsigned.pcap.out
index 2b827fb16..1b496ebd6 100644
--- a/test/results/collectd-stats/selfsigned.pcap.out
+++ b/test/results/collectd-stats/selfsigned.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/sflow.pcap.out b/test/results/collectd-stats/sflow.pcap.out
index 5ccfffe89..94a93aca3 100644
--- a/test/results/collectd-stats/sflow.pcap.out
+++ b/test/results/collectd-stats/sflow.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/signal.pcap.out b/test/results/collectd-stats/signal.pcap.out
index 608636ec7..1a5a8877c 100644
--- a/test/results/collectd-stats/signal.pcap.out
+++ b/test/results/collectd-stats/signal.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/simple-dnscrypt.pcap.out b/test/results/collectd-stats/simple-dnscrypt.pcap.out
index ae99d40f1..72942d93e 100644
--- a/test/results/collectd-stats/simple-dnscrypt.pcap.out
+++ b/test/results/collectd-stats/simple-dnscrypt.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/sip.pcap.out b/test/results/collectd-stats/sip.pcap.out
index a440a7d03..6bf972dd4 100644
--- a/test/results/collectd-stats/sip.pcap.out
+++ b/test/results/collectd-stats/sip.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/sip_hello.pcapng.out b/test/results/collectd-stats/sip_hello.pcapng.out
index cc3879685..e5ac770b7 100644
--- a/test/results/collectd-stats/sip_hello.pcapng.out
+++ b/test/results/collectd-stats/sip_hello.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/sites.pcapng.out b/test/results/collectd-stats/sites.pcapng.out
index 163f08448..5e31cd27d 100644
--- a/test/results/collectd-stats/sites.pcapng.out
+++ b/test/results/collectd-stats/sites.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/skinny.pcap.out b/test/results/collectd-stats/skinny.pcap.out
index c7fdaf93d..2052c504a 100644
--- a/test/results/collectd-stats/skinny.pcap.out
+++ b/test/results/collectd-stats/skinny.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/skype-conference-call.pcap.out b/test/results/collectd-stats/skype-conference-call.pcap.out
index b93bb8c25..6f42f5c95 100644
--- a/test/results/collectd-stats/skype-conference-call.pcap.out
+++ b/test/results/collectd-stats/skype-conference-call.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/skype.pcap.out b/test/results/collectd-stats/skype.pcap.out
index 72b80d9fc..0c2d5fb80 100644
--- a/test/results/collectd-stats/skype.pcap.out
+++ b/test/results/collectd-stats/skype.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/skype_no_unknown.pcap.out b/test/results/collectd-stats/skype_no_unknown.pcap.out
index cf5a3668d..c0e5ad17d 100644
--- a/test/results/collectd-stats/skype_no_unknown.pcap.out
+++ b/test/results/collectd-stats/skype_no_unknown.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/skype_udp.pcap.out b/test/results/collectd-stats/skype_udp.pcap.out
index 8130525c0..9f6df83ca 100644
--- a/test/results/collectd-stats/skype_udp.pcap.out
+++ b/test/results/collectd-stats/skype_udp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/smb_deletefile.pcap.out b/test/results/collectd-stats/smb_deletefile.pcap.out
index ec7322bcf..2138882ea 100644
--- a/test/results/collectd-stats/smb_deletefile.pcap.out
+++ b/test/results/collectd-stats/smb_deletefile.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/smb_frags.pcap.out b/test/results/collectd-stats/smb_frags.pcap.out
index 1ed82a85c..c08c4d94b 100644
--- a/test/results/collectd-stats/smb_frags.pcap.out
+++ b/test/results/collectd-stats/smb_frags.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/smbv1.pcap.out b/test/results/collectd-stats/smbv1.pcap.out
index f0fd21c40..f0324d3ff 100644
--- a/test/results/collectd-stats/smbv1.pcap.out
+++ b/test/results/collectd-stats/smbv1.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/smpp_in_general.pcap.out b/test/results/collectd-stats/smpp_in_general.pcap.out
index f24f26ff1..c5b26ba63 100644
--- a/test/results/collectd-stats/smpp_in_general.pcap.out
+++ b/test/results/collectd-stats/smpp_in_general.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/smtp-starttls.pcap.out b/test/results/collectd-stats/smtp-starttls.pcap.out
index 9dc3f3e29..8b7a73f05 100644
--- a/test/results/collectd-stats/smtp-starttls.pcap.out
+++ b/test/results/collectd-stats/smtp-starttls.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/smtp.pcap.out b/test/results/collectd-stats/smtp.pcap.out
index 3518f2e4e..6492610d0 100644
--- a/test/results/collectd-stats/smtp.pcap.out
+++ b/test/results/collectd-stats/smtp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/smtps.pcapng.out b/test/results/collectd-stats/smtps.pcapng.out
index 91c584fd3..c8b4d2fd9 100644
--- a/test/results/collectd-stats/smtps.pcapng.out
+++ b/test/results/collectd-stats/smtps.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/snapchat.pcap.out b/test/results/collectd-stats/snapchat.pcap.out
index 32c602b17..f0477e5c3 100644
--- a/test/results/collectd-stats/snapchat.pcap.out
+++ b/test/results/collectd-stats/snapchat.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/snapchat_call.pcapng.out b/test/results/collectd-stats/snapchat_call.pcapng.out
index a1a8592ed..d553c10e2 100644
--- a/test/results/collectd-stats/snapchat_call.pcapng.out
+++ b/test/results/collectd-stats/snapchat_call.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/snmp.pcap.out b/test/results/collectd-stats/snmp.pcap.out
index d736e93cc..12e5a4463 100644
--- a/test/results/collectd-stats/snmp.pcap.out
+++ b/test/results/collectd-stats/snmp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/soap.pcap.out b/test/results/collectd-stats/soap.pcap.out
index e593203f7..99ac5e44c 100644
--- a/test/results/collectd-stats/soap.pcap.out
+++ b/test/results/collectd-stats/soap.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/socks-http-example.pcap.out b/test/results/collectd-stats/socks-http-example.pcap.out
index 397a5b2a5..4fded4b19 100644
--- a/test/results/collectd-stats/socks-http-example.pcap.out
+++ b/test/results/collectd-stats/socks-http-example.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/softether.pcap.out b/test/results/collectd-stats/softether.pcap.out
index 1f820f815..a39ae7c01 100644
--- a/test/results/collectd-stats/softether.pcap.out
+++ b/test/results/collectd-stats/softether.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/someip-tp.pcap.out b/test/results/collectd-stats/someip-tp.pcap.out
index 6efb4f399..7295424b2 100644
--- a/test/results/collectd-stats/someip-tp.pcap.out
+++ b/test/results/collectd-stats/someip-tp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/someip-udp-method-call.pcapng.out b/test/results/collectd-stats/someip-udp-method-call.pcapng.out
index 1f18f4406..410ef23da 100644
--- a/test/results/collectd-stats/someip-udp-method-call.pcapng.out
+++ b/test/results/collectd-stats/someip-udp-method-call.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/someip_sd_sample.pcap.out b/test/results/collectd-stats/someip_sd_sample.pcap.out
index a4c74401c..bd7494ea8 100644
--- a/test/results/collectd-stats/someip_sd_sample.pcap.out
+++ b/test/results/collectd-stats/someip_sd_sample.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/sql_injection.pcap.out b/test/results/collectd-stats/sql_injection.pcap.out
index a7a10e22a..cd017468e 100644
--- a/test/results/collectd-stats/sql_injection.pcap.out
+++ b/test/results/collectd-stats/sql_injection.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ssdp-m-search-ua.pcap.out b/test/results/collectd-stats/ssdp-m-search-ua.pcap.out
index 933339e58..58cd86866 100644
--- a/test/results/collectd-stats/ssdp-m-search-ua.pcap.out
+++ b/test/results/collectd-stats/ssdp-m-search-ua.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ssdp-m-search.pcap.out b/test/results/collectd-stats/ssdp-m-search.pcap.out
index f125e062e..4d5c80277 100644
--- a/test/results/collectd-stats/ssdp-m-search.pcap.out
+++ b/test/results/collectd-stats/ssdp-m-search.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ssh.pcap.out b/test/results/collectd-stats/ssh.pcap.out
index e4d860675..d338bbf5c 100644
--- a/test/results/collectd-stats/ssh.pcap.out
+++ b/test/results/collectd-stats/ssh.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ssl-cert-name-mismatch.pcap.out b/test/results/collectd-stats/ssl-cert-name-mismatch.pcap.out
index 1a5dd18ec..287632536 100644
--- a/test/results/collectd-stats/ssl-cert-name-mismatch.pcap.out
+++ b/test/results/collectd-stats/ssl-cert-name-mismatch.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/starcraft_battle.pcap.out b/test/results/collectd-stats/starcraft_battle.pcap.out
index c04251dac..4225a3d41 100644
--- a/test/results/collectd-stats/starcraft_battle.pcap.out
+++ b/test/results/collectd-stats/starcraft_battle.pcap.out
@@ -1,14 +1,14 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:379
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:277736
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:380
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:278927
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:52
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:26
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:26
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:3
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:11
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:39
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:13
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:11037
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:305631
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:3
@@ -20,7 +20,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:40
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
@@ -34,7 +34,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interva
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:27
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
@@ -92,7 +92,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
@@ -104,7 +104,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/steam.pcap.out b/test/results/collectd-stats/steam.pcap.out
index ad983061c..4128f8427 100644
--- a/test/results/collectd-stats/steam.pcap.out
+++ b/test/results/collectd-stats/steam.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/steam_datagram_relay_ping.pcapng.out b/test/results/collectd-stats/steam_datagram_relay_ping.pcapng.out
index 29c4afa81..083484bd2 100644
--- a/test/results/collectd-stats/steam_datagram_relay_ping.pcapng.out
+++ b/test/results/collectd-stats/steam_datagram_relay_ping.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/stun.pcap.out b/test/results/collectd-stats/stun.pcap.out
index 473e9af92..a0cb8d7a8 100644
--- a/test/results/collectd-stats/stun.pcap.out
+++ b/test/results/collectd-stats/stun.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/stun_signal.pcapng.out b/test/results/collectd-stats/stun_signal.pcapng.out
index ce55775c6..398633899 100644
--- a/test/results/collectd-stats/stun_signal.pcapng.out
+++ b/test/results/collectd-stats/stun_signal.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/syncthing.pcap.out b/test/results/collectd-stats/syncthing.pcap.out
index ff5ce29ff..78a88796a 100644
--- a/test/results/collectd-stats/syncthing.pcap.out
+++ b/test/results/collectd-stats/syncthing.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/synscan.pcap.out b/test/results/collectd-stats/synscan.pcap.out
index 528f08137..0c32429fe 100644
--- a/test/results/collectd-stats/synscan.pcap.out
+++ b/test/results/collectd-stats/synscan.pcap.out
@@ -1,14 +1,14 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:7996
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:5791731
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:5791889
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1994
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1989
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:120
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:122
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1874
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1872
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/syslog.pcap.out b/test/results/collectd-stats/syslog.pcap.out
index a87983c48..86b4d9cef 100644
--- a/test/results/collectd-stats/syslog.pcap.out
+++ b/test/results/collectd-stats/syslog.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/targusdataspeed_false_positives.pcap.out b/test/results/collectd-stats/targusdataspeed_false_positives.pcap.out
index 6357d22c0..8e2bed03d 100644
--- a/test/results/collectd-stats/targusdataspeed_false_positives.pcap.out
+++ b/test/results/collectd-stats/targusdataspeed_false_positives.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/teams.pcap.out b/test/results/collectd-stats/teams.pcap.out
index 31b25abf8..c82821ea8 100644
--- a/test/results/collectd-stats/teams.pcap.out
+++ b/test/results/collectd-stats/teams.pcap.out
@@ -1,24 +1,24 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:682
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:624166
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:680
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:620083
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:83
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:17
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:66
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:17
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:16
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:80
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:64
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:63
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:499693
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:828158
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:26
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:293772
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:293323
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:25
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:16
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:317
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:106
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:105
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:37
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
@@ -41,7 +41,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:22
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:51
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:44
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:43
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0
@@ -104,7 +104,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/teamspeak3.pcap.out b/test/results/collectd-stats/teamspeak3.pcap.out
index b896f752f..1983d7253 100644
--- a/test/results/collectd-stats/teamspeak3.pcap.out
+++ b/test/results/collectd-stats/teamspeak3.pcap.out
@@ -1,26 +1,26 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7290
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:260
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:207287
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:142
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1365
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:4245
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1872
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:99
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:144
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
@@ -36,7 +36,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:144
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
@@ -55,11 +55,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/teamviewer.pcap.out b/test/results/collectd-stats/teamviewer.pcap.out
index f609c25b8..366c15864 100644
--- a/test/results/collectd-stats/teamviewer.pcap.out
+++ b/test/results/collectd-stats/teamviewer.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/telegram.pcap.out b/test/results/collectd-stats/telegram.pcap.out
index 2b28de443..051c968fe 100644
--- a/test/results/collectd-stats/telegram.pcap.out
+++ b/test/results/collectd-stats/telegram.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:339
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:279331
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:278823
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:48
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:48
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:159435
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:109098
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:163
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
@@ -104,7 +104,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/telnet.pcap.out b/test/results/collectd-stats/telnet.pcap.out
index fae3434cb..1bac717f9 100644
--- a/test/results/collectd-stats/telnet.pcap.out
+++ b/test/results/collectd-stats/telnet.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/teredo.pcap.out b/test/results/collectd-stats/teredo.pcap.out
index 02119267f..83610aa8a 100644
--- a/test/results/collectd-stats/teredo.pcap.out
+++ b/test/results/collectd-stats/teredo.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tftp.pcap.out b/test/results/collectd-stats/tftp.pcap.out
index 9de07b80d..8a2da15cd 100644
--- a/test/results/collectd-stats/tftp.pcap.out
+++ b/test/results/collectd-stats/tftp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/threema.pcap.out b/test/results/collectd-stats/threema.pcap.out
index 7bac30e4e..192210331 100644
--- a/test/results/collectd-stats/threema.pcap.out
+++ b/test/results/collectd-stats/threema.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tinc.pcap.out b/test/results/collectd-stats/tinc.pcap.out
index a5f602c10..ae2f5744c 100644
--- a/test/results/collectd-stats/tinc.pcap.out
+++ b/test/results/collectd-stats/tinc.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tk.pcap.out b/test/results/collectd-stats/tk.pcap.out
index cdce4bcb9..ba4244a9a 100644
--- a/test/results/collectd-stats/tk.pcap.out
+++ b/test/results/collectd-stats/tk.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls-appdata.pcap.out b/test/results/collectd-stats/tls-appdata.pcap.out
index e74f9a71e..449b812da 100644
--- a/test/results/collectd-stats/tls-appdata.pcap.out
+++ b/test/results/collectd-stats/tls-appdata.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls-esni-fuzzed.pcap.out b/test/results/collectd-stats/tls-esni-fuzzed.pcap.out
index 69277f904..eb1cfe949 100644
--- a/test/results/collectd-stats/tls-esni-fuzzed.pcap.out
+++ b/test/results/collectd-stats/tls-esni-fuzzed.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls-rdn-extract.pcap.out b/test/results/collectd-stats/tls-rdn-extract.pcap.out
index a53b82a70..cbf1ffc5c 100644
--- a/test/results/collectd-stats/tls-rdn-extract.pcap.out
+++ b/test/results/collectd-stats/tls-rdn-extract.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_2_reasms.pcapng.out b/test/results/collectd-stats/tls_2_reasms.pcapng.out
index 72433506a..d74f41cb6 100644
--- a/test/results/collectd-stats/tls_2_reasms.pcapng.out
+++ b/test/results/collectd-stats/tls_2_reasms.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_2_reasms_b.pcapng.out b/test/results/collectd-stats/tls_2_reasms_b.pcapng.out
index 48686e584..e96c7b27c 100644
--- a/test/results/collectd-stats/tls_2_reasms_b.pcapng.out
+++ b/test/results/collectd-stats/tls_2_reasms_b.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_alert.pcap.out b/test/results/collectd-stats/tls_alert.pcap.out
index 0f7f29535..f29f94e34 100644
--- a/test/results/collectd-stats/tls_alert.pcap.out
+++ b/test/results/collectd-stats/tls_alert.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_certificate_too_long.pcap.out b/test/results/collectd-stats/tls_certificate_too_long.pcap.out
index baaf289d2..1add378a2 100644
--- a/test/results/collectd-stats/tls_certificate_too_long.pcap.out
+++ b/test/results/collectd-stats/tls_certificate_too_long.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_cipher_lens.pcap.out b/test/results/collectd-stats/tls_cipher_lens.pcap.out
index 53619c1a0..ce1c8f550 100644
--- a/test/results/collectd-stats/tls_cipher_lens.pcap.out
+++ b/test/results/collectd-stats/tls_cipher_lens.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/collectd-stats/tls_client_certificate_with_missing_server_one.pcapng.out
index b7eed95b6..630391dc4 100644
--- a/test/results/collectd-stats/tls_client_certificate_with_missing_server_one.pcapng.out
+++ b/test/results/collectd-stats/tls_client_certificate_with_missing_server_one.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_esni_sni_both.pcap.out b/test/results/collectd-stats/tls_esni_sni_both.pcap.out
index aea7bf091..1e30b86f8 100644
--- a/test/results/collectd-stats/tls_esni_sni_both.pcap.out
+++ b/test/results/collectd-stats/tls_esni_sni_both.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_false_positives.pcapng.out b/test/results/collectd-stats/tls_false_positives.pcapng.out
index 30d80cbe0..502a1547e 100644
--- a/test/results/collectd-stats/tls_false_positives.pcapng.out
+++ b/test/results/collectd-stats/tls_false_positives.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_invalid_reads.pcap.out b/test/results/collectd-stats/tls_invalid_reads.pcap.out
index ec27d6fb2..2a447a2c1 100644
--- a/test/results/collectd-stats/tls_invalid_reads.pcap.out
+++ b/test/results/collectd-stats/tls_invalid_reads.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_long_cert.pcap.out b/test/results/collectd-stats/tls_long_cert.pcap.out
index bbd1b8633..464400f54 100644
--- a/test/results/collectd-stats/tls_long_cert.pcap.out
+++ b/test/results/collectd-stats/tls_long_cert.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_missing_ch_frag.pcap.out b/test/results/collectd-stats/tls_missing_ch_frag.pcap.out
index 46199ec8f..06b6ace91 100644
--- a/test/results/collectd-stats/tls_missing_ch_frag.pcap.out
+++ b/test/results/collectd-stats/tls_missing_ch_frag.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_multiple_synack_different_seq.pcapng.out b/test/results/collectd-stats/tls_multiple_synack_different_seq.pcapng.out
index 5424748ec..fecd369a8 100644
--- a/test/results/collectd-stats/tls_multiple_synack_different_seq.pcapng.out
+++ b/test/results/collectd-stats/tls_multiple_synack_different_seq.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_port_80.pcapng.out b/test/results/collectd-stats/tls_port_80.pcapng.out
index dd8eb8034..07799af34 100644
--- a/test/results/collectd-stats/tls_port_80.pcapng.out
+++ b/test/results/collectd-stats/tls_port_80.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_torrent.pcapng.out b/test/results/collectd-stats/tls_torrent.pcapng.out
index 4efaa3c09..89b958b76 100644
--- a/test/results/collectd-stats/tls_torrent.pcapng.out
+++ b/test/results/collectd-stats/tls_torrent.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_unidirectional.pcap.out b/test/results/collectd-stats/tls_unidirectional.pcap.out
index a8dec5258..6beb6c86b 100644
--- a/test/results/collectd-stats/tls_unidirectional.pcap.out
+++ b/test/results/collectd-stats/tls_unidirectional.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:21944
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:24689
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tls_verylong_certificate.pcap.out b/test/results/collectd-stats/tls_verylong_certificate.pcap.out
index b151457b4..f58ff1825 100644
--- a/test/results/collectd-stats/tls_verylong_certificate.pcap.out
+++ b/test/results/collectd-stats/tls_verylong_certificate.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/toca-boca.pcap.out b/test/results/collectd-stats/toca-boca.pcap.out
index 7fcbe0abc..b6416f9f3 100644
--- a/test/results/collectd-stats/toca-boca.pcap.out
+++ b/test/results/collectd-stats/toca-boca.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tor.pcap.out b/test/results/collectd-stats/tor.pcap.out
index 95fa3bfa5..d2225fd71 100644
--- a/test/results/collectd-stats/tor.pcap.out
+++ b/test/results/collectd-stats/tor.pcap.out
@@ -1,16 +1,16 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:167
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:114398
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:166
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:112062
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:8
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:3
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:7
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:6
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:6
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:288361
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:2523597
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:149127
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1255423
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:32
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:47
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tplink_shp.pcap.out b/test/results/collectd-stats/tplink_shp.pcap.out
new file mode 100644
index 000000000..bd2bbe1aa
--- /dev/null
+++ b/test/results/collectd-stats/tplink_shp.pcap.out
@@ -0,0 +1,133 @@
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:314
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:287698
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:241
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:3
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:7279
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:40
+PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:249
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:249
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_0_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/trickbot.pcap.out b/test/results/collectd-stats/trickbot.pcap.out
index 1deddda40..f1a474f1b 100644
--- a/test/results/collectd-stats/trickbot.pcap.out
+++ b/test/results/collectd-stats/trickbot.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tumblr.pcap.out b/test/results/collectd-stats/tumblr.pcap.out
index b03b7c243..1b400194d 100644
--- a/test/results/collectd-stats/tumblr.pcap.out
+++ b/test/results/collectd-stats/tumblr.pcap.out
@@ -1,16 +1,16 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:321
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:265920
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:320
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:263231
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:47
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:46
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:11
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:28
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:19
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:15
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:83231
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:22113263
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:21294
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:608402
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:151
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/tunnelbear.pcap.out b/test/results/collectd-stats/tunnelbear.pcap.out
index f0961a5ef..b1378a93f 100644
--- a/test/results/collectd-stats/tunnelbear.pcap.out
+++ b/test/results/collectd-stats/tunnelbear.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/aimini-http.pcap.out b/test/results/collectd-stats/tuya_lp.pcap.out
index 0bba2959b..1ff6dcf89 100644
--- a/test/results/collectd-stats/aimini-http.pcap.out
+++ b/test/results/collectd-stats/tuya_lp.pcap.out
@@ -1,26 +1,26 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:36
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:25738
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:4
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:4
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:107
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:84735
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:13
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:39030
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:40100
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:17832
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:20
+PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:65
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:13
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
@@ -54,12 +54,12 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:4
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:13
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:4
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ubntac2.pcap.out b/test/results/collectd-stats/ubntac2.pcap.out
index 578657bf3..8615c3283 100644
--- a/test/results/collectd-stats/ubntac2.pcap.out
+++ b/test/results/collectd-stats/ubntac2.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/ultrasurf.pcap.out b/test/results/collectd-stats/ultrasurf.pcap.out
index 55e97493d..f78bca7d2 100644
--- a/test/results/collectd-stats/ultrasurf.pcap.out
+++ b/test/results/collectd-stats/ultrasurf.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/upnp.pcap.out b/test/results/collectd-stats/upnp.pcap.out
index 99dc3d753..f6c6c28d0 100644
--- a/test/results/collectd-stats/upnp.pcap.out
+++ b/test/results/collectd-stats/upnp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/viber.pcap.out b/test/results/collectd-stats/viber.pcap.out
index fc3ff9185..0895b2c11 100644
--- a/test/results/collectd-stats/viber.pcap.out
+++ b/test/results/collectd-stats/viber.pcap.out
@@ -1,14 +1,14 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:224
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:180352
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:180429
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:29
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:23
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:4
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:3
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:26
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:25611
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:100826
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/vnc.pcap.out b/test/results/collectd-stats/vnc.pcap.out
index 198be508e..e02679369 100644
--- a/test/results/collectd-stats/vnc.pcap.out
+++ b/test/results/collectd-stats/vnc.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/vrrp3.pcapng.out b/test/results/collectd-stats/vrrp3.pcapng.out
index 4334ad877..03a203024 100644
--- a/test/results/collectd-stats/vrrp3.pcapng.out
+++ b/test/results/collectd-stats/vrrp3.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/vxlan.pcap.out b/test/results/collectd-stats/vxlan.pcap.out
index c10b40646..397a91e60 100644
--- a/test/results/collectd-stats/vxlan.pcap.out
+++ b/test/results/collectd-stats/vxlan.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/wa_video.pcap.out b/test/results/collectd-stats/wa_video.pcap.out
index 03d95ed71..6ffdc9878 100644
--- a/test/results/collectd-stats/wa_video.pcap.out
+++ b/test/results/collectd-stats/wa_video.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/wa_voice.pcap.out b/test/results/collectd-stats/wa_voice.pcap.out
index 24aa2d982..3731082a2 100644
--- a/test/results/collectd-stats/wa_voice.pcap.out
+++ b/test/results/collectd-stats/wa_voice.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/waze.pcap.out b/test/results/collectd-stats/waze.pcap.out
index e80051859..4fdd6b7c5 100644
--- a/test/results/collectd-stats/waze.pcap.out
+++ b/test/results/collectd-stats/waze.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/webex.pcap.out b/test/results/collectd-stats/webex.pcap.out
index 2380914a0..23352977e 100644
--- a/test/results/collectd-stats/webex.pcap.out
+++ b/test/results/collectd-stats/webex.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/websocket.pcap.out b/test/results/collectd-stats/websocket.pcap.out
index e6ce2f26d..15ceea044 100644
--- a/test/results/collectd-stats/websocket.pcap.out
+++ b/test/results/collectd-stats/websocket.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/wechat.pcap.out b/test/results/collectd-stats/wechat.pcap.out
index d007c9646..ace163028 100644
--- a/test/results/collectd-stats/wechat.pcap.out
+++ b/test/results/collectd-stats/wechat.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/weibo.pcap.out b/test/results/collectd-stats/weibo.pcap.out
index 89235302c..e8ff920b5 100644
--- a/test/results/collectd-stats/weibo.pcap.out
+++ b/test/results/collectd-stats/weibo.pcap.out
@@ -1,17 +1,17 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:268
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:212170
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:212070
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:44
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:43
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:6
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:19
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:21
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:23
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:9449
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:225426
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:117
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
@@ -104,7 +104,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/whatsapp.pcap.out b/test/results/collectd-stats/whatsapp.pcap.out
index 7d33c8b64..a1f7fb56b 100644
--- a/test/results/collectd-stats/whatsapp.pcap.out
+++ b/test/results/collectd-stats/whatsapp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/whatsapp_login_call.pcap.out b/test/results/collectd-stats/whatsapp_login_call.pcap.out
index e282fd624..1b912da7d 100644
--- a/test/results/collectd-stats/whatsapp_login_call.pcap.out
+++ b/test/results/collectd-stats/whatsapp_login_call.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/whatsapp_login_chat.pcap.out b/test/results/collectd-stats/whatsapp_login_chat.pcap.out
index 3e355e9fa..e54b1feb7 100644
--- a/test/results/collectd-stats/whatsapp_login_chat.pcap.out
+++ b/test/results/collectd-stats/whatsapp_login_chat.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/whatsapp_voice_and_message.pcap.out b/test/results/collectd-stats/whatsapp_voice_and_message.pcap.out
index fcaa2cad0..417587d22 100644
--- a/test/results/collectd-stats/whatsapp_voice_and_message.pcap.out
+++ b/test/results/collectd-stats/whatsapp_voice_and_message.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/whatsappfiles.pcap.out b/test/results/collectd-stats/whatsappfiles.pcap.out
index aef0ef352..7f3e3b86e 100644
--- a/test/results/collectd-stats/whatsappfiles.pcap.out
+++ b/test/results/collectd-stats/whatsappfiles.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/whois.pcapng.out b/test/results/collectd-stats/whois.pcapng.out
index 9482f0892..fd8f52411 100644
--- a/test/results/collectd-stats/whois.pcapng.out
+++ b/test/results/collectd-stats/whois.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/windowsupdate_over_http.pcap.out b/test/results/collectd-stats/windowsupdate_over_http.pcap.out
index e3d4fc234..1dae93603 100644
--- a/test/results/collectd-stats/windowsupdate_over_http.pcap.out
+++ b/test/results/collectd-stats/windowsupdate_over_http.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/wireguard.pcap.out b/test/results/collectd-stats/wireguard.pcap.out
index 1bcf71d95..d53fe5f8a 100644
--- a/test/results/collectd-stats/wireguard.pcap.out
+++ b/test/results/collectd-stats/wireguard.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/wow.pcap.out b/test/results/collectd-stats/wow.pcap.out
index edf3868da..3d04017d2 100644
--- a/test/results/collectd-stats/wow.pcap.out
+++ b/test/results/collectd-stats/wow.pcap.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:44
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:28510
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:46
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:31212
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:3
@@ -7,11 +7,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:5
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:2812
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1774
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:25
 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
@@ -20,7 +20,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
@@ -34,7 +34,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interva
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
@@ -92,7 +92,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/xdmcp.pcap.out b/test/results/collectd-stats/xdmcp.pcap.out
index b9d108faf..6a5a0b25a 100644
--- a/test/results/collectd-stats/xdmcp.pcap.out
+++ b/test/results/collectd-stats/xdmcp.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/xiaomi.pcap.out b/test/results/collectd-stats/xiaomi.pcap.out
index 3adb2a087..4555f61cc 100644
--- a/test/results/collectd-stats/xiaomi.pcap.out
+++ b/test/results/collectd-stats/xiaomi.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/xss.pcap.out b/test/results/collectd-stats/xss.pcap.out
index 6282fd2a7..d164d5537 100644
--- a/test/results/collectd-stats/xss.pcap.out
+++ b/test/results/collectd-stats/xss.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/youtube_quic.pcap.out b/test/results/collectd-stats/youtube_quic.pcap.out
index ef53469ef..e3555920c 100644
--- a/test/results/collectd-stats/youtube_quic.pcap.out
+++ b/test/results/collectd-stats/youtube_quic.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/youtubeupload.pcap.out b/test/results/collectd-stats/youtubeupload.pcap.out
index d1b2e56de..f20729086 100644
--- a/test/results/collectd-stats/youtubeupload.pcap.out
+++ b/test/results/collectd-stats/youtubeupload.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/z3950.pcapng.out b/test/results/collectd-stats/z3950.pcapng.out
index 2598f670d..942ae0f01 100644
--- a/test/results/collectd-stats/z3950.pcapng.out
+++ b/test/results/collectd-stats/z3950.pcapng.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/zabbix.pcap.out b/test/results/collectd-stats/zabbix.pcap.out
index 826164571..86f0270f9 100644
--- a/test/results/collectd-stats/zabbix.pcap.out
+++ b/test/results/collectd-stats/zabbix.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/zattoo.pcap.out b/test/results/collectd-stats/zattoo.pcap.out
index 1d7d3ecd3..d120b38a5 100644
--- a/test/results/collectd-stats/zattoo.pcap.out
+++ b/test/results/collectd-stats/zattoo.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/zcash.pcap.out b/test/results/collectd-stats/zcash.pcap.out
index d41739dd3..38c83cfd5 100644
--- a/test/results/collectd-stats/zcash.pcap.out
+++ b/test/results/collectd-stats/zcash.pcap.out
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/zoom.pcap.out b/test/results/collectd-stats/zoom.pcap.out
index 5ff940d05..aa2c39e71 100644
--- a/test/results/collectd-stats/zoom.pcap.out
+++ b/test/results/collectd-stats/zoom.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:250
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:202575
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:202614
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:33
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:27
@@ -40,14 +40,14 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:21
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:18
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:26
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:29
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/zoom2.pcap.out b/test/results/collectd-stats/zoom2.pcap.out
index c3527dcb7..3f0dbae7b 100644
--- a/test/results/collectd-stats/zoom2.pcap.out
+++ b/test/results/collectd-stats/zoom2.pcap.out
@@ -1,16 +1,16 @@
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:52
-PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:44388
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:49
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:42057
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:4
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:3
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:4331102
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:4151360
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:368562
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:278396
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:25
@@ -129,3 +129,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd-stats/zoom_p2p.pcapng.out b/test/results/collectd-stats/zoom_p2p.pcapng.out
new file mode 100644
index 000000000..1272fa039
--- /dev/null
+++ b/test/results/collectd-stats/zoom_p2p.pcapng.out
@@ -0,0 +1,133 @@
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:134
+PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:105804
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:13
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:13
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:27
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:12
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:137033
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:103149
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:58
+PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:32
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:9
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:15
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:13
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:11
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_0_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
diff --git a/test/results/collectd.pcap.out b/test/results/collectd.pcap.out
index b145e2cbd..733f31b60 100644
--- a/test/results/collectd.pcap.out
+++ b/test/results/collectd.pcap.out
@@ -80,9 +80,9 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6428411 bytes
-~~ total memory freed........: 6428411 bytes
-~~ total allocations/frees...: 122602/122602
+~~ total memory allocated....: 6433380 bytes
+~~ total memory freed........: 6433380 bytes
+~~ total allocations/frees...: 122612/122612
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2363 chars
diff --git a/test/results/corba.pcap.out b/test/results/corba.pcap.out
index b6d16a1c1..68d0f2f72 100644
--- a/test/results/corba.pcap.out
+++ b/test/results/corba.pcap.out
@@ -33,9 +33,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422128 bytes
-~~ total memory freed........: 6422128 bytes
-~~ total allocations/frees...: 122483/122483
+~~ total memory allocated....: 6427049 bytes
+~~ total memory freed........: 6427049 bytes
+~~ total allocations/frees...: 122493/122493
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 1152 chars
diff --git a/test/results/cpha.pcap.out b/test/results/cpha.pcap.out
index 7895d7861..36cc0a568 100644
--- a/test/results/cpha.pcap.out
+++ b/test/results/cpha.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411747 bytes
-~~ total memory freed........: 6411747 bytes
-~~ total allocations/frees...: 122436/122436
+~~ total memory allocated....: 6416652 bytes
+~~ total memory freed........: 6416652 bytes
+~~ total allocations/frees...: 122446/122446
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 929 chars
diff --git a/test/results/crynet.pcap.out b/test/results/crynet.pcap.out
index 914ada6a7..b4f9d840f 100644
--- a/test/results/crynet.pcap.out
+++ b/test/results/crynet.pcap.out
@@ -44,9 +44,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418886 bytes
-~~ total memory freed........: 6418886 bytes
-~~ total allocations/frees...: 122529/122529
+~~ total memory allocated....: 6423815 bytes
+~~ total memory freed........: 6423815 bytes
+~~ total allocations/frees...: 122539/122539
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 954 chars
diff --git a/test/results/dazn.pcapng.out b/test/results/dazn.pcapng.out
index 772d68ff0..87137aab8 100644
--- a/test/results/dazn.pcapng.out
+++ b/test/results/dazn.pcapng.out
@@ -33,9 +33,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6428066 bytes
-~~ total memory freed........: 6428066 bytes
-~~ total allocations/frees...: 122482/122482
+~~ total memory allocated....: 6432987 bytes
+~~ total memory freed........: 6432987 bytes
+~~ total allocations/frees...: 122492/122492
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2459 chars
diff --git a/test/results/dcerpc.pcap.out b/test/results/dcerpc.pcap.out
index 912ba1d41..b7443e633 100644
--- a/test/results/dcerpc.pcap.out
+++ b/test/results/dcerpc.pcap.out
@@ -35,9 +35,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6417610 bytes
-~~ total memory freed........: 6417610 bytes
-~~ total allocations/frees...: 122485/122485
+~~ total memory allocated....: 6422539 bytes
+~~ total memory freed........: 6422539 bytes
+~~ total allocations/frees...: 122495/122495
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 1770 chars
diff --git a/test/results/dhcp-fuzz.pcapng.out b/test/results/dhcp-fuzz.pcapng.out
index 49c4da8b2..9905a344f 100644
--- a/test/results/dhcp-fuzz.pcapng.out
+++ b/test/results/dhcp-fuzz.pcapng.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411747 bytes
-~~ total memory freed........: 6411747 bytes
-~~ total allocations/frees...: 122436/122436
+~~ total memory allocated....: 6416652 bytes
+~~ total memory freed........: 6416652 bytes
+~~ total allocations/frees...: 122446/122446
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 496 chars
 ~~ json string max len.......: 983 chars
diff --git a/test/results/diameter.pcap.out b/test/results/diameter.pcap.out
index f3587a26d..a4783b75f 100644
--- a/test/results/diameter.pcap.out
+++ b/test/results/diameter.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411920 bytes
-~~ total memory freed........: 6411920 bytes
-~~ total allocations/frees...: 122442/122442
+~~ total memory allocated....: 6416825 bytes
+~~ total memory freed........: 6416825 bytes
+~~ total allocations/frees...: 122452/122452
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 976 chars
diff --git a/test/results/discord.pcap.out b/test/results/discord.pcap.out
index e6bfee034..ff697fe4c 100644
--- a/test/results/discord.pcap.out
+++ b/test/results/discord.pcap.out
@@ -322,9 +322,9 @@
 ~~ total active/idle flows...: 34/34
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6490068 bytes
-~~ total memory freed........: 6490068 bytes
-~~ total allocations/frees...: 123221/123221
+~~ total memory allocated....: 6495237 bytes
+~~ total memory freed........: 6495237 bytes
+~~ total allocations/frees...: 123231/123231
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 478 chars
 ~~ json string max len.......: 2420 chars
diff --git a/test/results/dlt_ppp.pcap.out b/test/results/dlt_ppp.pcap.out
index 669f3083a..b1787efca 100644
--- a/test/results/dlt_ppp.pcap.out
+++ b/test/results/dlt_ppp.pcap.out
@@ -10,9 +10,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6409946 bytes
-~~ total memory freed........: 6409946 bytes
-~~ total allocations/frees...: 122425/122425
+~~ total memory allocated....: 6414843 bytes
+~~ total memory freed........: 6414843 bytes
+~~ total allocations/frees...: 122435/122435
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 269 chars
 ~~ json string max len.......: 1917 chars
diff --git a/test/results/dnp3.pcap.out b/test/results/dnp3.pcap.out
index d783c09ed..1b3cd738e 100644
--- a/test/results/dnp3.pcap.out
+++ b/test/results/dnp3.pcap.out
@@ -88,9 +88,9 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6440541 bytes
-~~ total memory freed........: 6440541 bytes
-~~ total allocations/frees...: 123072/123072
+~~ total memory allocated....: 6445502 bytes
+~~ total memory freed........: 6445502 bytes
+~~ total allocations/frees...: 123082/123082
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2077 chars
diff --git a/test/results/dns-invalid-chars.pcap.out b/test/results/dns-invalid-chars.pcap.out
index 273a3cd72..3ca6955d3 100644
--- a/test/results/dns-invalid-chars.pcap.out
+++ b/test/results/dns-invalid-chars.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411804 bytes
-~~ total memory freed........: 6411804 bytes
-~~ total allocations/frees...: 122438/122438
+~~ total memory allocated....: 6416709 bytes
+~~ total memory freed........: 6416709 bytes
+~~ total allocations/frees...: 122448/122448
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 502 chars
 ~~ json string max len.......: 1070 chars
diff --git a/test/results/dns-tunnel-iodine.pcap.out b/test/results/dns-tunnel-iodine.pcap.out
index 95655102f..a37b444b8 100644
--- a/test/results/dns-tunnel-iodine.pcap.out
+++ b/test/results/dns-tunnel-iodine.pcap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6424357 bytes
-~~ total memory freed........: 6424357 bytes
-~~ total allocations/frees...: 122871/122871
+~~ total memory allocated....: 6429287 bytes
+~~ total memory freed........: 6429287 bytes
+~~ total allocations/frees...: 122882/122882
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 502 chars
 ~~ json string max len.......: 2278 chars
diff --git a/test/results/dns_ambiguous_names.pcap.out b/test/results/dns_ambiguous_names.pcap.out
index 7c40bc91a..57cd47ff0 100644
--- a/test/results/dns_ambiguous_names.pcap.out
+++ b/test/results/dns_ambiguous_names.pcap.out
@@ -69,9 +69,9 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6428550 bytes
-~~ total memory freed........: 6428550 bytes
-~~ total allocations/frees...: 122556/122556
+~~ total memory allocated....: 6433527 bytes
+~~ total memory freed........: 6433527 bytes
+~~ total allocations/frees...: 122566/122566
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 504 chars
 ~~ json string max len.......: 1090 chars
diff --git a/test/results/dns_doh.pcap.out b/test/results/dns_doh.pcap.out
index 356e54c60..88674fde9 100644
--- a/test/results/dns_doh.pcap.out
+++ b/test/results/dns_doh.pcap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6425387 bytes
-~~ total memory freed........: 6425387 bytes
-~~ total allocations/frees...: 122584/122584
+~~ total memory allocated....: 6430292 bytes
+~~ total memory freed........: 6430292 bytes
+~~ total allocations/frees...: 122594/122594
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2150 chars
diff --git a/test/results/dns_dot.pcap.out b/test/results/dns_dot.pcap.out
index 3b48a2e3f..756125ae7 100644
--- a/test/results/dns_dot.pcap.out
+++ b/test/results/dns_dot.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6420776 bytes
-~~ total memory freed........: 6420776 bytes
-~~ total allocations/frees...: 122478/122478
+~~ total memory allocated....: 6425681 bytes
+~~ total memory freed........: 6425681 bytes
+~~ total allocations/frees...: 122488/122488
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 1895 chars
diff --git a/test/results/dns_exfiltration.pcap.out b/test/results/dns_exfiltration.pcap.out
index 2202dbc3b..53e7cbff5 100644
--- a/test/results/dns_exfiltration.pcap.out
+++ b/test/results/dns_exfiltration.pcap.out
@@ -20,9 +20,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6420560 bytes
-~~ total memory freed........: 6420560 bytes
-~~ total allocations/frees...: 122738/122738
+~~ total memory allocated....: 6425465 bytes
+~~ total memory freed........: 6425465 bytes
+~~ total allocations/frees...: 122748/122748
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 501 chars
 ~~ json string max len.......: 2487 chars
diff --git a/test/results/dns_fragmented.pcap.out b/test/results/dns_fragmented.pcap.out
index 65073dcd6..79290cab2 100644
--- a/test/results/dns_fragmented.pcap.out
+++ b/test/results/dns_fragmented.pcap.out
@@ -4,7 +4,7 @@
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1558968008021140,"pkt":"AAwpil3XAIac51UUCABFAABE5WoAAG8R7BGs2ShMwRjj7t1oADUAMAwz1D8AEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="}
 01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968008021140,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 02477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021712,"flow_idle_time":200000000,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1558968008021712,"pkt":"AIac51UUAAwpil3XCABFAAXc0P4gAEARCebBGOPurNkoTAA13WgGrrRj1D+EEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwAMAABAAAAPAEIAQADCgMBAAHQVNwo8VCsO0nmM2u3Mcqv14N851ULDM7hf1Hi2ooDrm7SR4cYS\/ptdvSMUJEyqPCUSF3Clw\/mlYs7YppfPvATwlxTT37RaXRQswUTRh4\/3GtYPxZXJOr+Wr2nwf4Rqm1imNixBim+ZLWFho\/CQdJqyhqg2VT8ongtHWFb9Nojmjr1IXZe0LYFcm0d1eoB5YaBtAcRvhm41KfjcjwpW7jDiMH5W1RgefeOj8kBkIJxjV9i9TB7pjmmAvw91J8s0GTTJqo\/ORsAzT8BHg3y6usJtQVH8ezMMHBFbjtgdGJlMoj4kn1KBk8Jtj9ZxjTIZWIo922PVb8sQqj0JytLOU69wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
-01056{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1558968008021712,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}}
+01056{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1558968008021712,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":46,"rsp_addr":"0.0.0.0"}}}
 00312{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1558968008021729,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_usec":1558968008021729}
 00613{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_usec":1558968008021712,"pkt":"AIac51UUAAwpil3XCABFAAD60P4AuUARLg\/BGOPurNkoTJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010233766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968010233766,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -37,7 +37,7 @@
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021026749,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1558968021026749,"pkt":"AAwpil3XAIac51UUCABFAABEdWYAAGwRujZKfS+IwRjj7ufCADUAMBuRFagAEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="}
 01042{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021026749,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021026749,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968021026749,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 02479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021027012,"flow_idle_time":200000000,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1558968021027012,"pkt":"AIac51UUAAwpil3XCABFAAXciTwgAEARrMjBGOPuSn0viAA158IGrsPBFaiEEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
-01057{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021026749,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021027012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1558968021027012,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}}
+01057{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021026749,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021027012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1558968021027012,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":46,"rsp_addr":"0.0.0.0"}}}
 00313{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1558968021027052,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_usec":1558968021027052}
 00613{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_usec":1558968021027012,"pkt":"AIac51UUAAwpil3XCABFAAD6iTwAuUAR0PHBGOPuSn0viJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968031134211,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -103,14 +103,14 @@
 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869900222469,"flow_src_last_pkt_time":1560869900222469,"flow_dst_last_pkt_time":1560869900222469,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869900222469,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1560869905222619,"flow_dst_last_pkt_time":1560869900222469,"flow_idle_time":200000000,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_usec":1560869905222619,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"}
 02451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1560869905222619,"flow_dst_last_pkt_time":1560869905232984,"flow_idle_time":200000000,"pkt_caplen":1494,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1494,"pkt_l4_len":1432,"thread_ts_usec":1560869905232984,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyBaAsPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAAAQAABpoANdmxBspAOcKghQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMADAAAQAAADwBCAEAAwoDAQAB0FTcKPFQrDtJ5jNrtzHKr9eDfOdVCwzO4X9R4tqKA65u0keHGEv6bXb0jFCRMqjwlEhdwpcP5pWLO2KaXz7wE8JcU09+0Wl0ULMFE0YeP9xrWD8WVyTq\/lq9p8H+EaptYpjYsQYpvmS1hYaPwkHSasoaoNlU\/KJ4LR1hW\/TaI5o69SF2XtC2BXJtHdXqAeWGgbQHEb4ZuNSn43I8KVu4w4jB+VtUYHn3jo\/JAZCCcY1fYvUwe6Y5pgL8PdSfLNBk0yaqPzkbAM0\/AR4N8urrCbUFR\/HszDBwRW47YHRiZTKI+JJ9SgZPCbY\/WcY0yGViKPdtj1W\/LEKo9CcrSzlOvcAMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuEgsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPFep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3"}
-01089{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1560869900222469,"flow_src_last_pkt_time":1560869905222619,"flow_dst_last_pkt_time":1560869905232984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":1424,"midstream":0,"thread_ts_usec":1560869905232984,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}}
+01089{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1560869900222469,"flow_src_last_pkt_time":1560869905222619,"flow_dst_last_pkt_time":1560869905232984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":1424,"midstream":0,"thread_ts_usec":1560869905232984,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":46,"rsp_addr":"0.0.0.0"}}}
 00314{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1560869905233034,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":334,"global_ts_usec":1560869905233034}
 00758{"packet_event_id":1,"packet_event_name":"packet","packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_caplen":368,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":368,"pkt_l4_len":0,"thread_ts_usec":1560869905232984,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyATosPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAFmAAABpplYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRNeoUG2ZbhJAUMEBAu7geapxJ7U1z+UqhkFSi8Qu6jROnMih5xzmixXOjO2RiHT8eMzQMHqilreexmdz+7rH4jCggpAg2YenRMzpvhrf0+OEWUNhwq6dNYVlNWg1Yf1oxCRsZ6Xiq2pemle4KOkgobWECgdELaMnIZKUJ0WtpAZJuCbAIPvak3YgHcNPR4Sbx1lKRTPW6QxjFsHJ5X\/B6mNMVtqG97wzaO\/ugVwH81Qt2Llpj5Wb873AtMbd7OQYLwhJ7fhxJ9xNJn6SlVRp6C+1P2Wyu\/7U0mgP+sAACkQAAAAgAAAHAAKABjxbObmL31GXCozdz5dCPwRZU4FwINgbJY="}
 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869910534637,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910534637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869910534637,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910534637,"flow_idle_time":200000000,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1560869910534637,"pkt":"CFsOoYNeAAwpfKTLCABFAABQVdgAAEARt8DC9wUGwRjj7spPADUAPG1Sic4BIAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAADAAKAAgdxATcWA6WbA=="}
 01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869910534637,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910534637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869910534637,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 02477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910547607,"flow_idle_time":200000000,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1560869910547607,"pkt":"AAwpfKTLCFsOoYNeCABFAAXc3KUgAEARC2fBGOPuwvcFBgA1yk8Gysn4ic6FAAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdJ7GwXQAjwTN7CHdlYmVybGFiAmRlAMNkyiFqw0LN1nL6pdP6L0S5f+KeVqgdySg9DqllQznkc4qJdbBsIXZuBHa9Nq2W1+B1AxiyMctv3Lz\/wrXrHVsg2juMeE+GJDeZk+eFENsLzX3+aD8MAmUR+jj88geuho5ceQSzFyUDdJ+XlfOoxjx0giMIxIhGiGanPdqN3WDxDmc+G+u6JOLetuSRoW68C7okFrNLG+mUFMZGwuLAP+R5PUfRyHsFVzWhnrGaSrLry8iwPrcWPWvU+u3umasIdMK4SCw7vwP10JC5YIuQlDEZRVcmPkIjce\/vEUWCm7ZZ0rsSIQEfmsemGNvyEk8V6nVyCDOB1I7uCvg8vXpRAniloVYSi+VJJIo3oKpXQqXNjlQqmgLhs5xEyKK6ORyAtFwnMM2NNw\/n3r316JEFhydJQ27s1H8BA6wt7WBwYExhUjby5cAGKMUkk9RhAUVEopBhjLtTxq6B+h0kKU0z7k+MOs3tVRqjJb8K1sWKAtlqN79JssWSh32hOS6Gd60vt\/ISeUZ\/EqYRnbXyo9ywoMlGtHLKZz5Z1n609xm9BevoBVLtFlKhRNX\/7l1V3aRa64XbDmuycAg5TfDAgQ+GxPCr2eOFv0Gn2M4wfcUVujiys29jimhw6z0uJzU6zzXdu7tXJDPc2u\/\/F884++8b\/+59w8Q7XcWcHt3CD\/KZN567w2MALgABAAAAPAEfADAKAgAAADxdJ7GwXQAjwZBHCHdlYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRM="}
-01055{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869910534637,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910547607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1560869910547607,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}}
+01055{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869910534637,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910547607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1560869910547607,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":46,"rsp_addr":"0.0.0.0"}}}
 00313{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1560869910547645,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":258,"global_ts_usec":1560869910547645}
 00659{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":292,"pkt_l4_len":0,"thread_ts_usec":1560869910547607,"pkt":"AAwpfKTLCFsOoYNeCABFAAEW3KUAuUARL3TBGOPuwvcFBl6hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGB3EBNxYDpZslD4VVl0I\/BakNFp6chM\/YQ=="}
 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869913732416,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913732416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869913732416,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -125,7 +125,7 @@
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1560869913753808,"flow_dst_last_pkt_time":1560869913753590,"flow_idle_time":3285032704,"pkt_caplen":140,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":140,"pkt_l4_len":86,"thread_ts_usec":1560869913753808,"pkt":"AAwpYjEqAAwpfKTLht1gD07UAFYGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBgAv46BAAABAQgKhEXfOxJ809IANIDkASAAAQAAAAAAAQh3ZWJlcmxhYgJkZQAAMAABAAApEAAAAIAAAAwACgAIG5r2Iqssl0A="}
 01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1560869913753259,"flow_src_last_pkt_time":1560869913753808,"flow_dst_last_pkt_time":1560869913753590,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869913753808,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1560869913753808,"flow_dst_last_pkt_time":1560869913753993,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1560869913753993,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACAGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KkhzRY\/gBAAvToXAAABAQgKEnzT0oRF3zs="}
-01093{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1560869913753259,"flow_src_last_pkt_time":1560869913753808,"flow_dst_last_pkt_time":1560869913754562,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869913754562,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}}
+01093{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1560869913753259,"flow_src_last_pkt_time":1560869913753808,"flow_dst_last_pkt_time":1560869913754562,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869913754562,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":46,"rsp_addr":"0.0.0.0"}}}
 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869916459087,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916459087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869916459087,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916459087,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1560869916459087,"pkt":"CFsOoYNeAAwpfKTLht1gAxE1ADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER1T4ANQA07tzo3wEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAEAACkCAAAAAAAAAA=="}
 01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869916459087,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916459087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869916459087,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ns2.weberdns.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -138,7 +138,7 @@
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1560869916475413,"flow_dst_last_pkt_time":1560869916475150,"flow_idle_time":3285032704,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"thread_ts_usec":1560869916475413,"pkt":"AAwpYjEqAAwpfKTLCABFAABqzqVAAEAG2+XC9wUGwvcFDphdADXWgnc6366rdIAYAOWQXwAAAQEICjHx81KVd0imADQG2gEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACMarGn+jZfIj"}
 01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1560869916474839,"flow_src_last_pkt_time":1560869916475413,"flow_dst_last_pkt_time":1560869916475150,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869916475413,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1560869916475413,"flow_dst_last_pkt_time":1560869916475531,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1560869916475531,"pkt":"AAwpfKTLAAwpYjEqCABFAAA0gWxAAEAGKVXC9wUOwvcFBgA1mF3frqt01oJ3cIAQAONwywAAAQEICpV3SKcx8fNS"}
-01053{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1560869916474839,"flow_src_last_pkt_time":1560869916475413,"flow_dst_last_pkt_time":1560869916475993,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869916475993,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}}
+01053{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1560869916474839,"flow_src_last_pkt_time":1560869916475413,"flow_dst_last_pkt_time":1560869916475993,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869916475993,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":46,"rsp_addr":"0.0.0.0"}}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869913732416,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913751307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":72,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1560869916474839,"flow_src_last_pkt_time":1560869916477286,"flow_dst_last_pkt_time":1560869916477262,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1560869900222469,"flow_src_last_pkt_time":1560869905222619,"flow_dst_last_pkt_time":1560869905232984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":1424,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -158,9 +158,9 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6449677 bytes
-~~ total memory freed........: 6449677 bytes
-~~ total allocations/frees...: 122725/122725
+~~ total memory allocated....: 6454742 bytes
+~~ total memory freed........: 6454742 bytes
+~~ total allocations/frees...: 122735/122735
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 317 chars
 ~~ json string max len.......: 2484 chars
diff --git a/test/results/dns_invert_query.pcapng.out b/test/results/dns_invert_query.pcapng.out
index caeb8da6f..9b6b4b455 100644
--- a/test/results/dns_invert_query.pcapng.out
+++ b/test/results/dns_invert_query.pcapng.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411776 bytes
-~~ total memory freed........: 6411776 bytes
-~~ total allocations/frees...: 122437/122437
+~~ total memory allocated....: 6416681 bytes
+~~ total memory freed........: 6416681 bytes
+~~ total allocations/frees...: 122447/122447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 503 chars
 ~~ json string max len.......: 1049 chars
diff --git a/test/results/dns_long_domainname.pcap.out b/test/results/dns_long_domainname.pcap.out
index fbfc31efe..c65dfa1c5 100644
--- a/test/results/dns_long_domainname.pcap.out
+++ b/test/results/dns_long_domainname.pcap.out
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411828 bytes
-~~ total memory freed........: 6411828 bytes
-~~ total allocations/frees...: 122439/122439
+~~ total memory allocated....: 6416733 bytes
+~~ total memory freed........: 6416733 bytes
+~~ total allocations/frees...: 122449/122449
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 504 chars
 ~~ json string max len.......: 1087 chars
diff --git a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
index 5be188173..6d9df43e3 100644
--- a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
@@ -1545,9 +1545,9 @@
 ~~ total active/idle flows...: 245/245
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6865098 bytes
-~~ total memory freed........: 6865098 bytes
-~~ total allocations/frees...: 125608/125608
+~~ total memory allocated....: 6871955 bytes
+~~ total memory freed........: 6871955 bytes
+~~ total allocations/frees...: 125618/125618
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 330 chars
 ~~ json string max len.......: 2470 chars
diff --git a/test/results/dnscrypt-v2-doh.pcap.out b/test/results/dnscrypt-v2-doh.pcap.out
index bbd2bae55..c33702c4d 100644
--- a/test/results/dnscrypt-v2-doh.pcap.out
+++ b/test/results/dnscrypt-v2-doh.pcap.out
@@ -315,9 +315,9 @@
 ~~ total active/idle flows...: 34/34
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6770234 bytes
-~~ total memory freed........: 6770234 bytes
-~~ total allocations/frees...: 123572/123572
+~~ total memory allocated....: 6775403 bytes
+~~ total memory freed........: 6775403 bytes
+~~ total allocations/frees...: 123582/123582
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 4750 chars
diff --git a/test/results/dnscrypt-v2.pcap.out b/test/results/dnscrypt-v2.pcap.out
index 208686329..81b588b94 100644
--- a/test/results/dnscrypt-v2.pcap.out
+++ b/test/results/dnscrypt-v2.pcap.out
@@ -24,9 +24,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6415520 bytes
-~~ total memory freed........: 6415520 bytes
-~~ total allocations/frees...: 122464/122464
+~~ total memory allocated....: 6420441 bytes
+~~ total memory freed........: 6420441 bytes
+~~ total allocations/frees...: 122474/122474
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 496 chars
 ~~ json string max len.......: 1961 chars
diff --git a/test/results/dnscrypt_skype_false_positive.pcapng.out b/test/results/dnscrypt_skype_false_positive.pcapng.out
index 66d983566..085a4808e 100644
--- a/test/results/dnscrypt_skype_false_positive.pcapng.out
+++ b/test/results/dnscrypt_skype_false_positive.pcapng.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411920 bytes
-~~ total memory freed........: 6411920 bytes
-~~ total allocations/frees...: 122442/122442
+~~ total memory allocated....: 6416825 bytes
+~~ total memory freed........: 6416825 bytes
+~~ total allocations/frees...: 122452/122452
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 516 chars
 ~~ json string max len.......: 1197 chars
diff --git a/test/results/doq.pcapng.out b/test/results/doq.pcapng.out
index 30698cfbb..9291c2cb1 100644
--- a/test/results/doq.pcapng.out
+++ b/test/results/doq.pcapng.out
@@ -25,9 +25,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6424260 bytes
-~~ total memory freed........: 6424260 bytes
-~~ total allocations/frees...: 122488/122488
+~~ total memory allocated....: 6429173 bytes
+~~ total memory freed........: 6429173 bytes
+~~ total allocations/frees...: 122498/122498
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 2182 chars
diff --git a/test/results/doq_adguard.pcapng.out b/test/results/doq_adguard.pcapng.out
index ef19b4cf5..e94c6d2eb 100644
--- a/test/results/doq_adguard.pcapng.out
+++ b/test/results/doq_adguard.pcapng.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6430400 bytes
-~~ total memory freed........: 6430400 bytes
-~~ total allocations/frees...: 122753/122753
+~~ total memory allocated....: 6435305 bytes
+~~ total memory freed........: 6435305 bytes
+~~ total allocations/frees...: 122763/122763
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2187 chars
diff --git a/test/results/dos_win98_smb_netbeui.pcap.out b/test/results/dos_win98_smb_netbeui.pcap.out
index c4a074bad..e97baaa89 100644
--- a/test/results/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/dos_win98_smb_netbeui.pcap.out
@@ -116,9 +116,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418860 bytes
-~~ total memory freed........: 6418860 bytes
-~~ total allocations/frees...: 122528/122528
+~~ total memory allocated....: 6423789 bytes
+~~ total memory freed........: 6423789 bytes
+~~ total allocations/frees...: 122538/122538
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 303 chars
 ~~ json string max len.......: 2179 chars
diff --git a/test/results/drda_db2.pcap.out b/test/results/drda_db2.pcap.out
index 56cc76739..b18ca2a1d 100644
--- a/test/results/drda_db2.pcap.out
+++ b/test/results/drda_db2.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414896 bytes
-~~ total memory freed........: 6414896 bytes
-~~ total allocations/frees...: 122475/122475
+~~ total memory allocated....: 6419801 bytes
+~~ total memory freed........: 6419801 bytes
+~~ total allocations/frees...: 122485/122485
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2192 chars
diff --git a/test/results/dropbox.pcap.out b/test/results/dropbox.pcap.out
index 815f9d36c..4eded2b14 100644
--- a/test/results/dropbox.pcap.out
+++ b/test/results/dropbox.pcap.out
@@ -133,9 +133,9 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6461370 bytes
-~~ total memory freed........: 6461370 bytes
-~~ total allocations/frees...: 123432/123432
+~~ total memory allocated....: 6466387 bytes
+~~ total memory freed........: 6466387 bytes
+~~ total allocations/frees...: 123442/123442
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2210 chars
diff --git a/test/results/dtls.pcap.out b/test/results/dtls.pcap.out
index 3fb21fc96..5ec146f22 100644
--- a/test/results/dtls.pcap.out
+++ b/test/results/dtls.pcap.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411812 bytes
-~~ total memory freed........: 6411812 bytes
-~~ total allocations/frees...: 122439/122439
+~~ total memory allocated....: 6416717 bytes
+~~ total memory freed........: 6416717 bytes
+~~ total allocations/frees...: 122449/122449
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 1282 chars
diff --git a/test/results/dtls2.pcap.out b/test/results/dtls2.pcap.out
index 913d5ff50..dab771fab 100644
--- a/test/results/dtls2.pcap.out
+++ b/test/results/dtls2.pcap.out
@@ -23,9 +23,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412704 bytes
-~~ total memory freed........: 6412704 bytes
-~~ total allocations/frees...: 122470/122470
+~~ total memory allocated....: 6417609 bytes
+~~ total memory freed........: 6417609 bytes
+~~ total allocations/frees...: 122480/122480
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 1595 chars
diff --git a/test/results/dtls_certificate.pcapng.out b/test/results/dtls_certificate.pcapng.out
index 2fe73dfeb..010e9503e 100644
--- a/test/results/dtls_certificate.pcapng.out
+++ b/test/results/dtls_certificate.pcapng.out
@@ -2,7 +2,7 @@
 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645461580895085}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1645461580895085,"pkt":"AAEC3cZZAAAAw9EGCABFAAXASWxAADQRSEO\/Pjy+o80PtAG7l9wFrJO8Fv79AAAAAAAAAAIARQIAADkAAQAAAAAAOf79\/Kc4HE2ihqeGXU8HJgbvv17oNih5trwpTgkv9KYfrYAAwDAAABH\/AQABAAALAAQDAAECACMAABb+\/QAAAAAAAAADBPILAATmAAIAAAAABOYABOMABOAwggTcMIIDxKADAgECAhMzAAAAHLZ5tboHL3PzAAAAAAAcMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHUmVkbW9uZDEeMBwGA1UECgwVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSwwKgYDVQQDDCNNaWNyb3NvZnQgVXBkYXRlIFNlY3VyZSBTZXJ2ZXIgQ0EgMTAeFw0xNzAyMjcxMjAwMDBaFw0xOTAyMjcwMDAwMDBaMHkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdSZWRtb25kMRIwEAYDVQQKDAlNaWNyb3NvZnQxDDAKBgNVBAsMA0RTUDEhMB8GA1UEAwwYd3d3LnVwZGF0ZS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxchtkZuNapLH78mZf0URm+rRwTx\/ZkyEWQKrdPC7T\/I\/VBlNaCjkhqqLjeWcxNjAXFgHV0DQS4Ohn1NUJhGwRm+C9xnh7uNg5h\/HW\/hZG6rQQT\/YIEe4RMEDoHNucdV0ldNkVXCWmH7VdyXRHfM9s1z8dmKF9BhxFUrUndT8KN51NorrFfTkRDxgaXL\/XiTXb5jjFdTMNDoWEcfCSn+mv6sdX3THlAvFHxknV8wAjqvNtxIjUk2YFzbeaTG2Q+ckuiam9dVPaH56OySqB0JYTcsJNz1EFEanNbn3YoH9U68KtmWqXQruXynN3poT1rVwEUFs6k6P4rp9p9jisxqFTQIDAQABo4IBUTCCAU0wDgYDVR0PAQH\/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSLiU8Spy0D\/BrMqi4FzdoDPizAuzAfBgNVHSMEGDAWgBQTA4kJqE\/7jzADbipdbCNlgXR+uzBmBgNVHR8EXzBdMFugWaBXhlVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3JsMHMGCCsGAQUFBwEBBGcwZTBjBggrBgEFBQcwAoZXaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAD\/XXW3cyN\/n\/BsXYc461vEQJ\/MooDP0uWOe5wtrpd3XUOKUuYcOvN70FidsM66xtY3sgdh6LUV7Vd3UbwrHsVXRThb+W0JmRxLpORJHovyCUjHJdgWcwAmAecZJ4QHbPt4JGKIezh1zC7zvwpMBEph7\/DE2rRq+Bk7Vj\/NpG5hi7ChZs0a\/4ZlQ63BMdels0iVL7Gl8j2rZV6AKE6rNjGoosoCEoztRWeQE8+sRCm+Ke3bWDxj6rORsUQGgzGimwUgWsdfd3Nhsgd7TmdyKcuJKVjK3IJvBgJOkTc6Wtb9I6keqOhJz+tW6pXPpKnm\/uuS9speSYMehXhdxy6auf74W\/v0AAAAAAAAABABGDAABSQADAAAAAAA6AwAXQQTUxAnF4aD29iFX08UpvzSYHoOfJnjbLUY7FaBYVdRtgMBGO\/4Mp6YBV28sDk7JZ2MLOl9WIA=="}
-01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}}
+01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","tls": {"version":"DTLSv1.2","notafter":"2019-02-27 00:00:00","ja3":"","ja3s":"953c1507994f72697446de4eff6e300b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Update Secure Server CA 1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft, OU=DSP, CN=www.update.microsoft.com","fingerprint":"D1:88:0F:51:C1:01:91:72:A1:A4:6E:69:F4:33:7F:FE:3E:C4:F0:39"}}}
 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}}
 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1645461580895085}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411996 bytes
-~~ total memory freed........: 6411996 bytes
-~~ total allocations/frees...: 122440/122440
+~~ total memory allocated....: 6418949 bytes
+~~ total memory freed........: 6418949 bytes
+~~ total allocations/frees...: 122451/122451
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 503 chars
 ~~ json string max len.......: 2443 chars
diff --git a/test/results/dtls_certificate_fragments.pcap.out b/test/results/dtls_certificate_fragments.pcap.out
index fbd7a0d02..a9763af3e 100644
--- a/test/results/dtls_certificate_fragments.pcap.out
+++ b/test/results/dtls_certificate_fragments.pcap.out
@@ -8,20 +8,32 @@
 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1556606276035205,"pkt":"AAAAp2BiAAAAtzPNCABFIAWg4VdAAD4RJS4j0juGCrrGla2bmbMFjGwmFv7\/AAAAAAAAAAEAQgIAADYAAQAAAAAANv7\/exvJyLXWPruOHL5MK7Y1JsnEAS0AtJ+iPSn4YJ2mNsIAADUAAA7\/AQABAAAjAAAADwABARb+\/wAAAAAAAAACBSgLAAYLAAIAAAAABRwABggABgUwggYBMIID6aADAgECAgIBDjANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMCTk8xDTALBgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xGzAZBgNVBAoTEk9wZXJhIFNvZnR3YXJlIEFTQTESMBAGA1UECxMJT3BlcmEgTWF4MRUwEwYDVQQDEwxPcGVyYSBNYXggQ0ExFTATBgNVBCkTDE9wZXJhIE1heCBDQTAeFw0xOTA0MjUwOTU4MDZaFw0xOTA1MjUwOTU4MDZaMHcxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIEwRPc2xvMQ0wCwYDVQQHEwRPc2xvMRswGQYDVQQKExJPcGVyYSBTb2Z0d2FyZSBBU0ExEjAQBgNVBAsTCU9wZXJhIE1heDEZMBcGA1UEAxQQKi5vcGVyYS1taW5pLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAORPM+HvV9uX\/YNDU1hkJZQiq9CpOzjLL+wmzk\/mxknC\/lzt7\/2Qg3qbyuKW5iBy3JZxaPO52oDwxIsilmeOkz4Mh8DnHyTx32hID++IiL649AXqYsGsHk8LI47iaUM6ub1Eu8MRDgFfIdgDsB\/iOYBVS6hhS44QgmBZ3WVRQHREe6jWyQtKDKooXtnRMU29d8xdLHTrujs0FtnJ437d+DiadyE+snuairyQNNrpLSNIZ\/pq6ewzal4u0NNe\/WlSiQTKqZBXXAL88GeYHTv+6w0xcxAqMiJvKS7otsvURb+7AhEr9BfD5cpFwVxi+SZQILibozwuzFJXx+cIypgIV2UCAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMCsGCWCGSAGG+EIBDQQeFhxPcGVyYSBNYXggU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBToCRx51cxkoksSq+PH5Da9dPhtITCBvwYDVR0jBIG3MIG0gBSyo8s55dkAqfYHaJNGmRcwX2DgzKGBkKSBjTCBijELMAkGA1UEBhMCTk8xDTALBgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xGzAZBgNVBAoTEk9wZXJhIFNvZnR3YXJlIEFTQTESMBAGA1UECxMJT3BlcmEgTWF4MRUwEwYDVQQDEwxPcGVyYSBNYXggQ0ExFTATBgNVBCkTDE9wZXJhIE1heCBDQYIJAM0pJwGa9KPrMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAtBgNVHREEJjAkghAqLnNhbXN1bmdtYXguY29tghAqLm9wZXJhLW1pbmkubmV0MA0GCSqGSIb3DQEBCwUAA4ICAQAsxMazt97mPzh89ugKFn+gchqN+8gwc\/qgCr24OgrCxlbcAuboN9GwNVyzEBLp8xf5X2uUbpzhUkNw8Da3gcOG9WRU6jbrD1WcRY6JvO0Mmn7tYOByaat2bf6co4aeqoorQ4XfH4XhjO0fNkhSxSnFd+YB1aTRfYQRZ9pIyqogmNC9mJGTFtFs6cJjs1UFLJ2Xs6n5RJMSgKdDdAS6NIKDCnhLmY29DHpiEqG4lF3or6tz0shqbW58O48+6Ff2qWryOZnPPF65AmJhRVUGil0HqRIZ9cej0+Pf1mpRxVU7o1XhXNWwazwIl8+tAnIOdpr7DJtkDNmXYyRKwOo6aEAWQeceETyNh3LwIE2unnIZhLc="}
 01459{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}}
 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_usec":1556606276035205,"pkt":"AAAAp2BiAAAAtzPNCABFIAE94VhAAD4RKZAj0juGCrrGla2bmbMBKYUyFv7\/AAAAAAAAAAMA+wsABgsAAgAFHAAA7xmWcPJxf+syLm5kr8JFkg5FV4AlWuYVZqKRDkSXNY2wDo4JRyk7bpK3luN\/HZfToj36ViRMUxoGzOIdNQQtdLDZ9I6l5ryvVP5AVvfsfLCm9sZAxjhtLYRgCPa+oX7MDX\/1pOIA9ScqtjYO9k7rU1+EQszS6yuQBUHbzqzJDE5+Sr0FYdV0ChHOUsH5pqFWRmYkMY1kxz3WCDFqLZz3OCXgMI4dlHN4OUfYtjdlKZjojOO\/DI2VYl9JYb1bxVDvI\/jLCpX0S20qleMt33f6vetcgUgWnM2jDSMPp6PARk5VmmjgwVuZ3AbB3Md620\/oFv7\/AAAAAAAAAAQADA4AAAAAAwAAAAAAAA=="}
-01322{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606278645792,"flow_dst_last_pkt_time":1556606276558755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":374,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":2162,"flow_dst_tot_l4_payload_len":2976,"midstream":0,"thread_ts_usec":1556606278645792,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1556606278645792}
+01843{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1749,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","server_names":"*.samsungmax.com,*.opera-mini.net","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","subjectDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=*.opera-mini.net, C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","fingerprint":"2F:5F:33:93:DE:4E:8B:EA:87:19:43:1A:7A:28:C2:33:FB:10:B3:A0"}}}
+00576{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591661831005800}
+00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831005800,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1591661831005800,"pkt":"KICiDkMyVIygpBIpCABFAAC3TLlAAEARa4zAqAEaaJlXlapKw1EAo42PFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79L2+PkbrvwtAd0lRXHnV+fU0MoPLilZ8yrbMm6GEmh9kAAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQA="}
+01300{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831005800,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"681eb4fb79ccb6d60d35fa502c279d42","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1591661831064972,"pkt":"KICiDkMyVIygpBIpCABFAAC3TL1AAEARa4jAqAEaaJlXlapKw1EAo4yPFv7\/AAAAAAAAAAEAjgEAAIIAAAAAAAAAgv79L2+PkbrvwtAd0lRXHnV+fU0MoPLilZ8yrbMm6GEmh9kAAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQA="}
+02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831093520,"flow_idle_time":200000000,"pkt_caplen":1322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1322,"pkt_l4_len":1288,"thread_ts_usec":1591661831093520,"pkt":"VIygpBIpKICiDkMyCABFAAUcfqFAADQRQT9omVeVwKgBGsNRqkoFCLIJFv79AAAAAAAAAAAATgIAAEIAAAAAAAAAQv79KEo6Os88E+V+ibSm8PDWfFXbIaOs00k\/ShIhA5ukiXMAwC8AABr\/AQABAAALAAQDAAECACMAAAAOAAUAAgABABb+\/QAAAAAAAAABAJgLAAawAAEAAAAAAIwABq0ABqowggamMIIFjqADAgECAhBM4VepsIXhu6DlNg3oFQysMA0GCSqGSIb3DQEBCwUAMIGPMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZRb+\/QAAAAAAAAACAPMLAAawAAEAAIwAAOdkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4XDTIwMDMyNjAwMDAwMFoXDTIyMDYyODAwMDAwMFowFzEVMBMGA1UEAwwMKi5kaXNjb3JkLmdnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLDiaoesd4c+J\/Bksim5Rb8WUNj0DF9Ken7wt4eZTFDCWRcncn+2RQRV8Dwyuak7t\/Zoi26rXfSKyfy1qvOwlrOLi45ubC1DPctmamJX2dxVjgYW\/v0AAAAAAAAAAwDzCwAGsAABAAFzAADnLTEdqfcdsRU88wXAqYTv\/u6WKiHPnClEj+8Yi\/CArz7pbkNg8I6lzKVFCfwZJyYSRlpbfbGZqsaz0wMqKnIY8RzEm4L\/SKKDdnsgrKfAAbvatG6dkK9jfA0fk3nPALkfoo3o8kMpopjYxMNyHI6YovRhvwiO2mfthp\/ylICeB29Z1d6Ija02npoQWJkozfXFa1+w9Ipl4zU8Sy7unjOqcUksckLyFiwU6d9184UCAwEAAaOCA3MwggNvMB8GA1UdIwQYMBaAFI2MXsRUrYrhd+mb+ZsF4bgBjWHhMB0GA1UdDgQWBBQLFv79AAAAAAAAAAQA8wsABrAAAQACWgAA57mlDgRff53Jn4Q6SGrsSjGIzk0wDgYDVR0PAQH\/BAQDAgWgMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQURvbWFpblZhbGlkYRb+\/QAAAAAAAAAFAPMLAAawAAEAA0EAAOd0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAjBgNVHREEHDAaggwqLmRpc2NvcmQuZ2eCCmRpc2NvcmQuZ2cwggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB2AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABcRkQbNAAAAQDAEcwRQIgercUsgx1qkATwvfrd3Quq3eaYQaqQ6gZS\/5W3YqZIZICIQDF31\/9HYjjWFtKP2pDhVvABn9lSeA="}
+01360{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831093520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":1280,"midstream":0,"thread_ts_usec":1591661831093520,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"681eb4fb79ccb6d60d35fa502c279d42","ja3s":"201fdaa63db9a086f36651aa4cfd0819","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
+02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831093656,"flow_idle_time":200000000,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1591661831093656,"pkt":"VIygpBIpKICiDkMyCABFAATbfqJAADQRQX9omVeVwKgBGsNRqkoExy4IFv79AAAAAAAAAAYA8wsABrAAAQAEKAAA58h9uzNZbntMYktZAHYA36Veq2iCTx9sre64X04+WurNohKkal6OOxLAIERcKnMAAAFxGRBsmwAABAMARzBFAiApWTBZxdLT79S6Ig+uB892YqmmtBmV7ZOnMeoealK6IAIhAPUQVbJDdFaeI9lV0tAczBoraqHK\/BN8x6q+AGulqXqYAHYAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAFxGRBs6wAABAMARzBFAiAqTzH2Y+XFIb61QZLjCkTUxrQH7bjlHVCt1FMeFj2UOgIhANyKvnrM7ePwxrOAfBb+\/QAAAAAAAAAHAPMLAAawAAEABQ8AAOdAVrKBtkEYdXvvFGsCIes8eUPzOwB3AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABcRkQbHMAAAQDAEgwRgIhALMuylmf9X4NNnd3tnj0UTiiOK77ome\/tJWiO6J\/xw7bAiEA9bJDisGifcUTSdKScOBVqbaMAha\/FtR5PLI4mPJIbD0wDQYJKoZIhvcNAQELBQADggEBADaqoR+PnHxIbvP7Yq0nzl+bPpsfH\/m7NT6gclOCdjAf1haV7LC5oec\/mRflUwtx0ZjvXG6fcIOPNYfGB1sw9MHD3Wpbz5cW\/v0AAAAAAAAACADGCwAGsAABAAX2AAC6QTKk+edRhm6U7KIBeiyhIbVWLWhM0hil89+m8fOs8O2MzzZMqm2cyqmYYjG05ge5\/tzwIcR6NJo35dqIpK9FkcmIEZEpiSS9\/sCQItmRbLhjcRwoh55uO86kHB2ocBjcqFKF1aQ4NvBkRA8auPxHrEkgtWt8EGgUQ8pka16C7gZ\/zQYED7aP+YBL7EZ7UJgYNX3Nif3A4NM+E6d5G2e3ulyH\/eOIBsfkTPejvFBHYb0sqgqee7+qrBskFv79AAAAAAAAAAkAIAwAAUkAAgAAAAAAFAMAF0EEAAbNSbm\/C1RtcfhJE4FHFv79AAAAAAAAAAoA8wwAAUkAAgAAFAAA59o8IIbxEQCQOWPi1PZJF8Ekdjl8ShZo3qUHj84iN9GGDd+REE7oULkv91A5+YkfxwIEAQEAZBfczqFmnATcvEeZHjHma4NmgkFs\/ep1DiawUrAIovjw7bm5V9i1zZeeUDiJpIrArx93QAsW6kvfdkC75m+soOhuBjCtlNUyQT5+ZeL6z+x4Lk59wAOqsRqs915lKyvTQqd2P8nll30L8yeKMJOka+95GhoTkWeyaSmn1HPjVVIRaWrRa2Oe6+63FOT12Pd6ojoCwAf4Vo6QsRc8T81WxIZt2TCUa5MOo4UrKI5GKI8p2hb+\/QAAAAAAAAALAFoMAAFJAAIAAPsAAE6kTiJ6\/PYGa0FWf7cll8FaD7KrL9rUeAVrmWus9FF9b\/oJPWe1xvj1l2pEM6RpniiG\/Ak4p1K3saH2n+St0lphIbqigXdk2gm3uk9kf64W\/v0AAAAAAAAADAAyDQAAJgADAAAAAAAmAwECQAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAAAW\/v0AAAAAAAAADQAMDgAAAAAEAAAAAAAA"}
+01650{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831064972,"flow_dst_last_pkt_time":1591661831093656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":2495,"midstream":0,"thread_ts_usec":1591661831093656,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.Discord","proto_id":"30.58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","tls": {"version":"DTLSv1.2","server_names":"*.discord.gg,discord.gg","ja3":"681eb4fb79ccb6d60d35fa502c279d42","ja3s":"201fdaa63db9a086f36651aa4cfd0819","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.discord.gg","fingerprint":"0C:A2:45:E6:4A:06:B0:31:C6:BF:B6:C5:1B:AE:A0:A3:8E:41:B2:3C"}}}
+01271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1591661831094429,"flow_dst_last_pkt_time":1591661831093656,"flow_idle_time":200000000,"pkt_caplen":621,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":621,"pkt_l4_len":587,"thread_ts_usec":1591661831094429,"pkt":"KICiDkMyVIygpBIpCABFAAJfTMFAAEARadzAqAEaaJlXlapKw1ECSz2PFv79AAAAAAAAAAIBLAsAASAAAQAAAAABIAABHQABGjCCARYwgb2gAwIBAgIJANEC+9dk9FU0MAoGCCqGSM49BAMCMBExDzANBgNVBAMMBldlYlJUQzAeFw0yMDA2MDgwMDE3MTBaFw0yMDA3MDkwMDE3MTBaMBExDzANBgNVBAMMBldlYlJUQzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMN4B8BcSIB8vft5RRQLAR85m\/tKuX7g5T1IYw7Hm7qhkyBdZX4OnwIFwDEfSDt3hvNzM2wWRdpiSZ6iGF90YtUwCgYIKoZIzj0EAwIDSAAwRQIgYiBJQW7KDUuAi3M9L3zwhEDpAL9q4DirUrayN1dURyMCIQD5bYw+Zs558BwlQadzNvlnhksxNHUTMmtsQ591HUXbABb+\/QAAAAAAAAADAE4QAABCAAIAAAAAAEJBBMZcbp+gpTP\/98W2Gp\/agbTEoqgz1y6bqmJbklIBPupi+fq8SYEjO9Y9JmSaRonmMNJqXH7zBblXPkmNr6nWxPMW\/v0AAAAAAAAABABXDwAASwADAAAAAABLBAMARzBFAiEAi1u+G3KaGQXoX1KGtvuQeozvmzHFR9Ra5exkC1MSZpoCIFTAFKcDyN3bpdNt1LWIF31bDpEkYEvrDTEBZbETusOEFP79AAAAAAAAAAUAAQEW\/v0AAQAAAAAAAAAwAAEAAAAAAACBA9i\/5ZXnRtf9Ph0HrY+iWRLDuMWOD5PqKOYsPS6F0szsv0blWRNP"}
+01322{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606278645792,"flow_dst_last_pkt_time":1556606276558755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":374,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":2162,"flow_dst_tot_l4_payload_len":2976,"midstream":0,"thread_ts_usec":1591661831138018,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01232{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831094429,"flow_dst_last_pkt_time":1591661831138018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":579,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":889,"flow_dst_tot_l4_payload_len":3074,"midstream":0,"thread_ts_usec":1591661831138018,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.Discord","proto_id":"30.58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
+00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":9101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1591661831138018}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 20/20
+~~ packets captured/processed: 26/26
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 5138 bytes
-~~ total detected protocols..: 1
-~~ total active/idle flows...: 1/1
+~~ total layer4 data length..: 9101 bytes
+~~ total detected protocols..: 2
+~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412370 bytes
-~~ total memory freed........: 6412370 bytes
-~~ total allocations/frees...: 122458/122458
+~~ total memory allocated....: 6425896 bytes
+~~ total memory freed........: 6425896 bytes
+~~ total allocations/frees...: 122498/122498
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 511 chars
 ~~ json string max len.......: 2395 chars
-~~ json string avg len.......: 1434 chars
+~~ json string avg len.......: 1452 chars
diff --git a/test/results/dtls_mid_sessions.pcapng.out b/test/results/dtls_mid_sessions.pcapng.out
index 90e15448d..375607b4b 100644
--- a/test/results/dtls_mid_sessions.pcapng.out
+++ b/test/results/dtls_mid_sessions.pcapng.out
@@ -37,9 +37,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6419785 bytes
-~~ total memory freed........: 6419785 bytes
-~~ total allocations/frees...: 122560/122560
+~~ total memory allocated....: 6424714 bytes
+~~ total memory freed........: 6424714 bytes
+~~ total allocations/frees...: 122570/122570
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 504 chars
 ~~ json string max len.......: 2466 chars
diff --git a/test/results/dtls_old_version.pcapng.out b/test/results/dtls_old_version.pcapng.out
index e6d0883c8..e900c5802 100644
--- a/test/results/dtls_old_version.pcapng.out
+++ b/test/results/dtls_old_version.pcapng.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411996 bytes
-~~ total memory freed........: 6411996 bytes
-~~ total allocations/frees...: 122445/122445
+~~ total memory allocated....: 6416901 bytes
+~~ total memory freed........: 6416901 bytes
+~~ total allocations/frees...: 122455/122455
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 503 chars
 ~~ json string max len.......: 1185 chars
diff --git a/test/results/dtls_session_id_and_coockie_both.pcap.out b/test/results/dtls_session_id_and_coockie_both.pcap.out
index 4ef9d1bcc..f36e05bb0 100644
--- a/test/results/dtls_session_id_and_coockie_both.pcap.out
+++ b/test/results/dtls_session_id_and_coockie_both.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411870 bytes
-~~ total memory freed........: 6411870 bytes
-~~ total allocations/frees...: 122441/122441
+~~ total memory allocated....: 6416775 bytes
+~~ total memory freed........: 6416775 bytes
+~~ total allocations/frees...: 122451/122451
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 517 chars
 ~~ json string max len.......: 1372 chars
diff --git a/test/results/elasticsearch.pcap.out b/test/results/elasticsearch.pcap.out
index 0078c4f6a..c5332e7d5 100644
--- a/test/results/elasticsearch.pcap.out
+++ b/test/results/elasticsearch.pcap.out
@@ -50,9 +50,9 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6438245 bytes
-~~ total memory freed........: 6438245 bytes
-~~ total allocations/frees...: 122556/122556
+~~ total memory allocated....: 6443198 bytes
+~~ total memory freed........: 6443198 bytes
+~~ total allocations/frees...: 122566/122566
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2865 chars
diff --git a/test/results/emotet.pcap.out b/test/results/emotet.pcap.out
index a0c476d70..7b46a408c 100644
--- a/test/results/emotet.pcap.out
+++ b/test/results/emotet.pcap.out
@@ -70,9 +70,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6513207 bytes
-~~ total memory freed........: 6513207 bytes
-~~ total allocations/frees...: 124897/124897
+~~ total memory allocated....: 6518169 bytes
+~~ total memory freed........: 6518169 bytes
+~~ total allocations/frees...: 124909/124909
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2401 chars
diff --git a/test/results/encrypted_sni.pcap.out b/test/results/encrypted_sni.pcap.out
index 4aabc36e9..3848f4261 100644
--- a/test/results/encrypted_sni.pcap.out
+++ b/test/results/encrypted_sni.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6423458 bytes
-~~ total memory freed........: 6423458 bytes
-~~ total allocations/frees...: 122473/122473
+~~ total memory allocated....: 6428379 bytes
+~~ total memory freed........: 6428379 bytes
+~~ total allocations/frees...: 122483/122483
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 1469 chars
diff --git a/test/results/esp.pcapng.out b/test/results/esp.pcapng.out
index 70641a6f4..dcdc990ce 100644
--- a/test/results/esp.pcapng.out
+++ b/test/results/esp.pcapng.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413720 bytes
-~~ total memory freed........: 6413720 bytes
-~~ total allocations/frees...: 122453/122453
+~~ total memory allocated....: 6418633 bytes
+~~ total memory freed........: 6418633 bytes
+~~ total allocations/frees...: 122463/122463
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 961 chars
diff --git a/test/results/ethereum.pcap.out b/test/results/ethereum.pcap.out
index ece75d3b7..965cec845 100644
--- a/test/results/ethereum.pcap.out
+++ b/test/results/ethereum.pcap.out
@@ -579,9 +579,9 @@
 ~~ total active/idle flows...: 74/74
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6601202 bytes
-~~ total memory freed........: 6601202 bytes
-~~ total allocations/frees...: 125241/125241
+~~ total memory allocated....: 6606691 bytes
+~~ total memory freed........: 6606691 bytes
+~~ total allocations/frees...: 125251/125251
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2238 chars
diff --git a/test/results/ethernetIP.pcap.out b/test/results/ethernetIP.pcap.out
index 65ffe9654..7c94aa30b 100644
--- a/test/results/ethernetIP.pcap.out
+++ b/test/results/ethernetIP.pcap.out
@@ -41,9 +41,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6420046 bytes
-~~ total memory freed........: 6420046 bytes
-~~ total allocations/frees...: 122569/122569
+~~ total memory allocated....: 6424975 bytes
+~~ total memory freed........: 6424975 bytes
+~~ total allocations/frees...: 122579/122579
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 2113 chars
diff --git a/test/results/exe_download.pcap.out b/test/results/exe_download.pcap.out
index edc05cd8b..d5e822d70 100644
--- a/test/results/exe_download.pcap.out
+++ b/test/results/exe_download.pcap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6432329 bytes
-~~ total memory freed........: 6432329 bytes
-~~ total allocations/frees...: 123146/123146
+~~ total memory allocated....: 6437247 bytes
+~~ total memory freed........: 6437247 bytes
+~~ total allocations/frees...: 123157/123157
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 496 chars
 ~~ json string max len.......: 2514 chars
diff --git a/test/results/exe_download_as_png.pcap.out b/test/results/exe_download_as_png.pcap.out
index f130ca5a6..00c1ecea7 100644
--- a/test/results/exe_download_as_png.pcap.out
+++ b/test/results/exe_download_as_png.pcap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6427359 bytes
-~~ total memory freed........: 6427359 bytes
-~~ total allocations/frees...: 122976/122976
+~~ total memory allocated....: 6432277 bytes
+~~ total memory freed........: 6432277 bytes
+~~ total allocations/frees...: 122987/122987
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 503 chars
 ~~ json string max len.......: 2408 chars
diff --git a/test/results/facebook.pcap.out b/test/results/facebook.pcap.out
index a8e4eb5e5..380fd3637 100644
--- a/test/results/facebook.pcap.out
+++ b/test/results/facebook.pcap.out
@@ -29,9 +29,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6430709 bytes
-~~ total memory freed........: 6430709 bytes
-~~ total allocations/frees...: 122532/122532
+~~ total memory allocated....: 6435622 bytes
+~~ total memory freed........: 6435622 bytes
+~~ total allocations/frees...: 122542/122542
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2179 chars
diff --git a/test/results/fastcgi.pcap.out b/test/results/fastcgi.pcap.out
index c36dd4283..93234c642 100644
--- a/test/results/fastcgi.pcap.out
+++ b/test/results/fastcgi.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6416791 bytes
-~~ total memory freed........: 6416791 bytes
-~~ total allocations/frees...: 122541/122541
+~~ total memory allocated....: 6421696 bytes
+~~ total memory freed........: 6421696 bytes
+~~ total allocations/frees...: 122551/122551
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2106 chars
diff --git a/test/results/firefox.pcap.out b/test/results/firefox.pcap.out
index 99849bc06..9d8348c79 100644
--- a/test/results/firefox.pcap.out
+++ b/test/results/firefox.pcap.out
@@ -73,9 +73,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6924593 bytes
-~~ total memory freed........: 6924593 bytes
-~~ total allocations/frees...: 127997/127997
+~~ total memory allocated....: 6929538 bytes
+~~ total memory freed........: 6929538 bytes
+~~ total allocations/frees...: 128007/128007
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2149 chars
diff --git a/test/results/fix.pcap.out b/test/results/fix.pcap.out
index 444df7026..e6f4b26f4 100644
--- a/test/results/fix.pcap.out
+++ b/test/results/fix.pcap.out
@@ -110,9 +110,9 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6492691 bytes
-~~ total memory freed........: 6492691 bytes
-~~ total allocations/frees...: 123830/123830
+~~ total memory allocated....: 6497684 bytes
+~~ total memory freed........: 6497684 bytes
+~~ total allocations/frees...: 123840/123840
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2193 chars
diff --git a/test/results/fix2.pcap.out b/test/results/fix2.pcap.out
index 9e527615c..a8010a2e0 100644
--- a/test/results/fix2.pcap.out
+++ b/test/results/fix2.pcap.out
@@ -27,9 +27,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6505976 bytes
-~~ total memory freed........: 6505976 bytes
-~~ total allocations/frees...: 125495/125495
+~~ total memory allocated....: 6510889 bytes
+~~ total memory freed........: 6510889 bytes
+~~ total allocations/frees...: 125505/125505
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2043 chars
diff --git a/test/results/flow-analyse/1kxun.pcap.out b/test/results/flow-analyse/1kxun.pcap.out
index 04ab354d4..4981fc333 100644
--- a/test/results/flow-analyse/1kxun.pcap.out
+++ b/test/results/flow-analyse/1kxun.pcap.out
@@ -4,9 +4,9 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip4,192.168.115.8,106.187.35.246,tcp,49599,80,finished,12,20,1470104379117273,1470104379305366,1470104379309692,0,0,361,1260,722,21739,0,23,12274.6,66840,23326.2,544113344.0,2.9,"36,53209,53269,23,4558,53,61521,40,293,57,57277,26,5093,104,312,45,266,88,5943,34,1372,65090,55,53,50,66840,34,3844,90,757,80",40,743.2,1300,600.2,360235.6,4.4,"52,52,52,40,40,401,401,46,359,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300","10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1","4.540471077,4.540471077,4.955154419,4.834183693,4.834183693,5.784319878,5.784319878,4.303872585,5.637725830,7.471795559,7.791592598,4.734183788,4.734183788,7.804637909,7.807570934,7.830432415,7.825576305,7.818768978,7.845777035,4.734183788,4.734183788,7.838691235,7.833523750,7.842283726,7.806497097,7.842946529,4.784183979,4.784183979,7.828577518,7.834991455,7.820946693,7.813043594",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,""
 1,ip4,192.168.115.8,106.187.35.246,tcp,49604,80,finished,10,22,1470104379119336,1470104379328801,1470104379305020,0,0,369,1260,1458,23877,0,26,12746.7,96474,26329.7,693255296.0,2.7,"37,50730,50813,26,5716,35,60276,105,70,53,49,73,718,44,49,52,342,56283,26,72323,56,48,50,164,52,68,54,259,49,96474,55",40,833.0,1300,555.0,308021.3,4.6,"52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1300,918,409,409","6,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0","4.502009392,4.502009392,4.955154896,4.884183884,4.884183884,5.823695183,5.823695183,4.434307098,5.651605129,7.494920254,7.816417217,7.819696903,7.824419022,7.827455044,7.838195324,7.842068195,7.840069771,7.839951038,4.834183693,4.834183693,7.833738804,7.824559212,7.804037571,7.837569714,7.815773964,7.860733032,7.833745480,7.858436108,7.849576473,7.725791931,5.812777519,5.812777519",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,""
 1,ip4,192.168.115.8,106.187.35.246,tcp,49600,80,finished,10,22,1470104379117772,1470104379360886,1470104379361184,0,0,362,1260,724,24259,0,23,15694.4,142000,32346.1,1046270720.0,2.8,"54,51945,52076,32,5225,53,60454,877,31,40,63,40,400,73,48,50,170,85115,142000,23,40785,2483,129,70,65,43573,78,404,66,55,49",40,822.0,1300,585.2,342449.5,4.5,"52,52,52,40,40,402,402,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300","8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1","4.540471077,4.540471077,4.993616104,4.784183979,4.784183979,5.806403637,5.806403637,4.330940247,5.620885849,6.705548286,7.731300354,7.779007435,7.737928867,7.737201214,7.704045296,7.681565285,7.569606781,4.071334362,6.314223289,4.784183979,4.784183979,7.705962181,7.781871796,7.735430241,7.740441799,7.698603153,4.834183693,4.834183693,7.712049484,7.719846249,5.648873806,3.023065329",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,""
-1,ip4,192.168.115.8,106.185.35.110,tcp,49606,80,finished,14,18,1470104379916887,1470104380141237,1470104380142241,0,0,357,1260,714,20160,0,26,14506.6,146838,33179.1,1100853504.0,2.6,"56,37783,37994,70,1795,58,38952,109751,153,146838,45,329,66,113,56,463,29,236,62,115,388,44,244,36267,36544,26,410,130,482,92,113",40,693.6,1300,612.0,374554.6,4.3,"52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300","12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1","4.540471077,4.540471077,4.955154896,4.784183979,4.784183979,5.758289814,5.758289814,4.303872585,5.568258762,4.972586632,4.784183979,4.784183979,4.816908836,5.305360317,5.245053291,5.141684532,4.684184074,4.684184074,5.953328609,5.139973164,5.197480202,4.784183979,4.784183979,5.838756561,5.133826733,4.734184265,4.734184265,4.452571869,4.709616661,4.691545486,5.564413548,5.160192013",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,""
+1,ip4,192.168.115.8,106.185.35.110,tcp,49606,80,finished,14,18,1470104379916887,1470104380141237,1470104380142241,0,0,357,1260,714,20160,0,26,14506.6,146838,33179.1,1100853504.0,2.6,"56,37783,37994,70,1795,58,38952,109751,153,146838,45,329,66,113,56,463,29,236,62,115,388,44,244,36267,36544,26,410,130,482,92,113",40,693.6,1300,612.0,374554.6,4.3,"52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300","12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1","4.540471077,4.540471077,4.955154896,4.784183979,4.784183979,5.758289814,5.758289814,4.303872585,5.568258762,4.972586632,4.784183979,4.784183979,4.816908836,5.305360317,5.245053291,5.141684532,4.684184074,4.684184074,5.953328609,5.139973164,5.197480202,4.784183979,4.784183979,5.838756561,5.133826733,4.734184265,4.734184265,4.452571869,4.709616661,4.691545486,5.564413548,5.160192013",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"11"
 1,ip4,192.168.115.8,42.120.51.152,tcp,49609,8080,finished,19,13,1470104380890420,1470104382084858,1470104381881083,0,0,445,1260,3612,6271,0,25,70487.1,398999,104302.2,10878943232.0,3.6,"50,76520,76599,25,1136,41,62341,85,61755,47,298859,73,398999,66467,177,166123,34,60273,507,89,60822,34,117112,46,178142,469,61984,45,102335,44259,349653",40,350.6,1300,410.3,168364.1,4.1,"52,52,48,40,40,292,292,46,65,485,485,485,485,46,1300,1300,40,40,1300,1300,528,40,40,267,267,46,65,477,477,46,733,40","9,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0","4.633441925,4.633441925,4.967222691,4.981687069,4.981687069,5.768459320,5.768459320,4.652828693,5.358993053,6.064707279,6.064707279,6.054220200,6.054220200,4.609350204,5.268521309,4.718248367,4.931687355,4.931687355,4.699154854,5.227048397,4.912804604,4.931686878,4.931686878,5.830219269,5.830219269,4.609350204,5.397304058,6.051352978,6.051352978,4.696306705,5.685911179,4.912815094",HTTP,7,0,Acceptable,Web,6,DPI,"5,12"
-1,ip4,192.168.115.8,183.131.48.144,tcp,49613,80,finished,20,12,1470104382053678,1470104384990940,1470104384790982,0,0,503,1024,1006,9497,0,26,183050.5,862765,252834.9,63925489664.0,3.6,"31,69271,69368,26,1928,34,67940,1399,6083,291,73959,37,665858,862765,47,408647,411020,37,251400,251827,47,336785,335976,58,329935,190,130781,55,599505,799208,58",40,369.3,1064,452.5,204736.5,3.9,"52,52,46,40,40,543,543,46,321,1064,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,1064,40,40,1064,40,40","18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0","4.463547707,4.463547707,4.611080170,4.784183979,4.784183979,5.504161358,5.504161358,4.457919598,5.616157532,3.396698952,2.285910130,4.834183693,4.834183693,2.224251509,4.834183693,4.834183693,2.277304173,4.834183693,4.834183693,2.234616041,4.834183693,4.834183693,2.318356037,4.834183693,4.834183693,2.277927399,2.247195482,4.834183693,4.834183693,2.248827934,4.834183693,4.834183693",HTTP,7,0,Acceptable,Media,6,DPI,"12"
+1,ip4,192.168.115.8,183.131.48.144,tcp,49613,80,finished,20,12,1470104382053678,1470104384990940,1470104384790982,0,0,503,1024,1006,9497,0,26,183050.5,862765,252834.9,63925489664.0,3.6,"31,69271,69368,26,1928,34,67940,1399,6083,291,73959,37,665858,862765,47,408647,411020,37,251400,251827,47,336785,335976,58,329935,190,130781,55,599505,799208,58",40,369.3,1064,452.5,204736.5,3.9,"52,52,46,40,40,543,543,46,321,1064,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,1064,40,40,1064,40,40","18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0","4.463547707,4.463547707,4.611080170,4.784183979,4.784183979,5.504161358,5.504161358,4.457919598,5.616157532,3.396698952,2.285910130,4.834183693,4.834183693,2.224251509,4.834183693,4.834183693,2.277304173,4.834183693,4.834183693,2.234616041,4.834183693,4.834183693,2.318356037,4.834183693,4.834183693,2.277927399,2.247195482,4.834183693,4.834183693,2.248827934,4.834183693,4.834183693",HTTP,7,0,Acceptable,Media,6,DPI,"11,12"
 1,ip4,192.168.115.8,106.187.35.246,tcp,49603,80,finished,11,21,1470104379118972,1470104424311883,1470104379310452,0,0,361,1260,723,22966,0,19,1464012.6,45001141,7948794.0,63183326806016.0,0.1,"34,54477,54551,26,4891,45,65495,70,68,364,89,71,208,46,29,27,25,61484,19,69006,62,56,48,731,52,51,51,454,70696,24,45001141",40,781.6,1300,593.2,351838.7,4.4,"52,52,52,40,40,401,401,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1267,40,40,41","9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0","4.578932762,4.578932762,5.032077789,4.884183884,4.884183884,5.794129372,5.794129372,4.434307098,5.652597904,7.484868050,7.818575859,7.782110691,7.797027111,7.823266506,7.845933437,7.821538448,7.845500469,7.838393688,4.834183693,4.834183693,7.836544514,7.832671165,7.837013721,7.831301689,7.829290867,7.832065582,7.849477768,7.838781357,7.842006683,4.884183884,4.884183884,4.829466343",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,""
 1,ip4,192.168.2.126,172.105.121.82,tcp,46170,80,finished,2,30,1654385136207603,1654385137102946,1654385137455380,208,0,212,21600,420,143010,1,0,69132.9,895343,184366.4,33990969344.0,2.2,"356191,54,308075,59,2442,3212,112,200163,0,56,36,29,26,27,25,1594,86,63,42,33,23,24,35,23,895343,371980,1,1344,81,1941,0",260,4534.2,21652,5608.1,31450232.0,4.2,"264,373,13012,14452,2932,2932,1492,7252,2932,1492,2932,2932,1492,1492,1492,1492,1492,4372,6324,2932,2932,1492,1492,1492,788,260,373,17332,21652,1492,4372,17332","0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1","5.893450737,5.720896244,7.959624290,7.965476036,7.917325974,7.914794445,7.850610256,7.954618454,7.905844212,7.834187031,7.916584969,7.918063164,7.852417469,7.840590954,7.847774029,7.850798130,7.845216751,7.939498901,7.947888374,7.909615040,7.916443348,7.857475281,7.837258339,7.835073948,7.714247704,5.815073967,5.763088703,7.974996090,7.979550838,7.864511967,7.949629784,7.970819473",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,""
 1,ip4,192.168.2.126,172.105.121.82,tcp,60148,80,finished,5,27,1654385131029337,1654385137110902,1654385137463937,202,0,212,21600,1039,156844,1,0,403747.2,4660887,1126862.6,1269819375616.0,2.4,"306055,4848,325793,248766,0,4660887,4604216,364,552,841,1047,367664,0,134,94,2523,0,311381,0,119,1695,102,878348,204467,0,1564,1050,216537,375544,43,1531",254,4985.8,21652,6236.2,38890032.0,4.1,"254,370,6284,254,370,5668,264,372,1492,1492,7252,2932,5812,2932,10132,2932,1492,5812,2932,1492,8692,1492,5754,263,372,20212,21652,15349,264,373,2932,21652","0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,17","0,1,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,0,1,1,1","5.855428219,5.722984791,7.936409950,5.839015007,5.749445915,7.913037300,5.895416737,5.774818897,7.526371002,7.860151768,7.955783844,7.904475212,7.946855068,7.922424793,7.958326817,7.918138504,7.851068020,7.947721004,7.924707413,7.854940414,7.955513000,7.859978199,7.947089672,5.929639816,5.726084709,7.965382099,7.968444347,7.959605694,5.904361725,5.721296787,7.762065887,7.963563442",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,""
diff --git a/test/results/flow-analyse/aimini-http.pcap.out b/test/results/flow-analyse/aimini-http.pcap.out
deleted file mode 100644
index 3a1089152..000000000
--- a/test/results/flow-analyse/aimini-http.pcap.out
+++ /dev/null
@@ -1,2 +0,0 @@
-flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
-1,ip4,10.101.0.2,10.102.0.2,tcp,28501,80,finished,14,18,1614860229383219,1614860229387313,1614860229385946,0,0,1460,1460,4110,20912,0,1,220.0,1148,358.7,128687.4,3.4,"532,1116,414,1004,27,697,105,894,3,1,2,1,1,2,2,191,11,276,4,1,4,2,1,3,3,78,197,1,99,1148,1",46,824.4,1500,690.0,476082.3,4.4,"48,48,48,48,46,635,46,635,1500,1500,1500,1500,1500,1500,1500,276,1500,1500,46,1500,1500,46,1500,1500,46,1500,276,46,46,46,1500,1500","10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0","0,0,1,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1,1,0,1,1,0,0,0,0,0","3.876627445,4.083755016,4.256327152,4.460499287,3.752108097,6.013849258,4.032184601,6.031517506,7.687114239,7.864995956,7.665461540,7.860690594,7.831142426,7.843841553,7.850586891,7.036180973,7.689830303,7.865575314,3.752107620,7.667116165,7.864095211,3.752107859,7.832858562,7.845948219,3.752108335,7.852002144,7.046712399,3.988705873,4.032184124,3.988706112,5.843052864,4.502032280",HTTP.Aimini,7.99,0,Fun,Download,6,DPI,""
diff --git a/test/results/flow-analyse/alexa-app.pcapng.out b/test/results/flow-analyse/alexa-app.pcapng.out
index 46e0ee1d5..1371472ba 100644
--- a/test/results/flow-analyse/alexa-app.pcapng.out
+++ b/test/results/flow-analyse/alexa-app.pcapng.out
@@ -19,7 +19,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip4,172.16.42.216,52.85.209.197,tcp,55242,443,info,15,17,1490976029248822,1490976030758212,1490976150757970,0,0,1448,1448,5474,6814,0,33,3968339.8,120002762,21185284.0,448816230694912.0,0.3,"77142,79508,13198,60889,401,551,135,48584,1797,3570,177758,227426,44512,20026,267154,445550,122636,142,45,33,282451,8709,270484,1626,407007,145,164075,140,290013,120002762,69",52,436.5,1500,570.0,324877.8,3.9,"60,60,52,273,52,1500,1500,626,52,52,52,178,294,52,1416,1416,52,1500,300,96,86,52,52,1500,1003,52,52,1315,86,52,83,52","9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0","7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1","4.739262104,5.306893826,5.017560959,5.448555946,5.115703583,6.960030556,7.238288403,7.584036827,5.017560959,5.094483852,5.041505337,6.602245331,7.164677143,5.041505337,7.862887383,7.863117218,5.115703106,7.885983467,7.259884357,6.084556580,5.826154709,5.094483852,5.132945538,7.862029552,7.810581207,5.115703106,5.077241421,7.851958752,5.873827457,5.132945538,5.636672497,5.115703106",,,,,,,,""
 1,ip4,172.16.42.216,54.239.28.178,tcp,50799,443,info,18,14,1490976177276176,1490976187574979,1490976187571653,0,0,1460,1460,8229,4012,0,112,664331.6,8001087,1905246.8,3629965115392.0,2.5,"133822,140403,3233,141605,1309,112,137230,287,136,2714,82197,163,95708,410,359058,405413,633638,688626,100774,373131,50752,202632,7767064,1576,8001087,353783,410110,314766,108314,179,84048",40,424.7,1500,584.7,341856.6,3.8,"60,48,40,247,1500,1500,385,40,40,40,366,46,99,1500,190,46,1500,99,40,1500,46,669,40,1500,286,46,40,46,1500,46,46,40","9,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","8,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,0,1,0,0,1,1,0,0,0,1,0,1,0,1,1,0","4.739262104,5.176427841,4.831687450,5.587803364,6.784171104,7.276063442,7.379589558,4.681686878,4.831686974,4.881687164,7.374952793,4.565872192,6.002931595,7.862873554,6.853326321,4.609350204,7.863068104,6.002931595,4.831687450,7.863775730,4.652828693,7.736141205,4.831687450,7.863870144,7.273199081,4.501398087,4.781687260,4.544876099,7.864799976,4.565871716,4.609350204,4.881687164",,,,,,,,""
 1,ip4,172.16.42.216,52.85.209.143,tcp,41828,443,info,15,17,1490976195529965,1490976195874449,1490976195873685,0,0,1448,1448,4065,11044,0,49,22200.1,105973,31062.3,964868608.0,3.6,"42665,43661,659,44970,3982,526,602,251,50626,787,253,1113,7308,12716,306,65597,42616,4166,48889,363,25248,76421,105973,250,551,581,305,49,101959,2918,1893",52,525.8,1500,600.4,360465.6,4.1,"60,60,52,254,52,1500,1500,1500,819,52,52,52,52,178,1500,767,64,178,1500,64,306,52,52,1500,1500,1500,683,594,129,52,149,52","9,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","5,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,1,1,1,0,1,1,1,1,1,1,0,1,0","4.672595501,5.194312096,4.986606121,5.562634945,5.014835358,6.943727970,7.231536865,7.504313469,7.550236702,5.056022167,4.926120281,5.003043652,4.940637589,6.271958828,7.856376171,7.737624168,5.206705093,6.298671246,7.856991291,5.133970261,7.098200321,5.000318050,4.979098797,7.871394634,7.857693672,7.882867336,7.672193050,7.592197895,6.342199802,4.986606121,6.480828762,4.846472263",,,,,,,,""
-1,ip4,172.16.42.216,52.84.62.115,tcp,41913,443,info,16,16,1490976195984177,1490976196473740,1490976196515206,0,0,1277,1448,5359,12694,0,54,32922.3,261773,58822.9,3460134400.0,3.5,"16682,17944,1581,27330,5292,477,511,279,32463,293,12932,291,133,38969,52766,61918,541,272,54,35117,659,5109,216850,261773,199,39363,7450,74173,66612,42132,427",52,617.0,1500,624.9,390532.6,4.2,"60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1329,1500,1500,756,86,52,52,1294,1294,848,86,52,1305,86,64,1500,1500","10,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0","2,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,0,0,0,0,1,1,0,0,1,0,1,1","4.672595501,5.227645397,4.979098797,5.733110428,5.038779736,7.056696892,7.289340973,7.487235546,7.581061363,5.056022644,5.056022644,5.056022167,5.017560482,6.267822742,7.174037933,7.836223602,7.860962391,7.884104729,7.725840569,5.789581299,4.948144436,4.933627605,7.835659504,7.836359024,7.744181633,5.795281410,4.926120281,7.845304489,5.818537712,4.911738873,7.873147964,7.870454311",,,,,,,,""
 1,ip4,172.16.42.216,52.85.209.143,tcp,38483,443,finished,10,22,1490976196223999,1490976196651032,1490976196769763,0,0,666,1448,1652,16510,0,67,31380.5,241435,57224.6,3274655232.0,3.4,"33996,35089,2227,37919,5059,483,236,42863,280,131,30800,68825,38426,227149,241435,50068,58385,55537,3754,2000,4418,1636,659,7796,67,79,9049,341,3084,756,10250",52,620.4,1500,578.4,334504.2,4.3,"60,60,52,246,52,1500,1500,618,52,52,52,178,103,718,718,103,64,52,1096,427,256,815,905,441,1500,177,557,1500,1500,1500,1500,1500","6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.672595501,5.240227222,5.056022644,5.370272160,5.154164791,6.988568306,7.250431538,7.681571960,5.014835835,5.094483852,5.094484329,6.573484898,6.064765453,7.685264111,7.690067768,6.064765930,5.061889172,5.154164791,7.838786125,7.447540760,7.087004662,7.738961697,7.760296345,7.499400616,7.878207684,6.822522163,7.598652363,7.869508743,7.877407074,7.877415180,7.877339363,7.877696514",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"15,24"
 1,ip4,172.16.42.216,52.84.62.115,tcp,41914,443,info,18,14,1490976195985305,1490976196879161,1490976196866304,0,0,1285,1448,5470,9856,0,50,57253.4,264056,85984.0,7393244160.0,3.6,"22841,23998,943,22793,6583,564,615,276,39690,124,146,157,6771,37572,46160,226745,213104,3861,222252,264056,50,55344,103406,128,10396,183950,242536,953,71,38628,142",52,532.2,1500,595.2,354289.1,4.1,"60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52","12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0","2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0","4.705928802,5.306893826,5.094483852,5.740943432,5.077241898,7.061615944,7.289163589,7.495290279,7.599352837,5.094483852,5.017560482,5.094483852,5.017560482,6.445491791,7.218114853,7.854625702,7.211663246,5.042434692,7.851956367,7.855620384,7.792708397,5.812836647,5.812836647,5.056022167,5.132945538,5.093139648,7.841275692,7.859713554,7.867431164,7.510861874,5.094483852,5.094483852",,,,,,,,""
 1,ip4,172.16.42.216,54.239.23.94,tcp,44912,443,info,18,14,1490976186884448,1490976195471370,1490976197346218,0,0,1460,1460,10437,5046,0,32,614473.9,7470598,1477715.5,2183643136000.0,2.8,"168457,171158,1511,108893,4406,1671,697,112679,290,4146,167,6217,127,10389,13091,1079,255,290409,42,32,60,299358,743,529311,1065924,2114234,3665356,7470598,595200,595070,1817122",40,526.2,1500,637.5,406420.1,3.9,"60,48,40,267,46,46,1500,1500,40,40,1500,655,40,40,166,1500,1424,360,46,46,91,46,40,1424,1424,1424,1424,40,46,1424,46,46","8,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,1","4.626680374,5.134761333,4.831686974,5.716956139,4.609350204,4.505982876,7.141723156,7.316176414,4.831687450,4.812815189,7.392494678,7.608505726,4.881687164,4.831687450,6.348018646,7.864303589,7.858262062,7.260771751,4.390829086,4.347350597,5.864610672,4.390829086,4.684184074,7.859017372,7.859235764,7.859332085,7.859507561,4.784183979,4.347350597,7.859881401,4.457920074,4.501398087",,,,,,,,""
diff --git a/test/results/flow-analyse/lru_ipv6_caches.pcapng.out b/test/results/flow-analyse/lru_ipv6_caches.pcapng.out
new file mode 100644
index 000000000..bab73746f
--- /dev/null
+++ b/test/results/flow-analyse/lru_ipv6_caches.pcapng.out
@@ -0,0 +1 @@
+flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
diff --git a/test/results/flow-analyse/netflix.pcap.out b/test/results/flow-analyse/netflix.pcap.out
index cdcc3b882..c32b6f49c 100644
--- a/test/results/flow-analyse/netflix.pcap.out
+++ b/test/results/flow-analyse/netflix.pcap.out
@@ -2,7 +2,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip4,192.168.1.7,54.69.204.241,tcp,53105,443,finished,18,14,1484319032888907,1484319033506287,1484319033504279,0,0,356,1448,1665,5139,0,72,39766.2,363670,81851.3,6699630080.0,3.2,"46025,48575,597,54003,1611,989,54938,11050,13463,9437,301,377,58747,4648,50832,1878,237,59545,562,62143,8477,4734,310931,590,363670,5842,131,72,58058,152,137",52,265.2,1500,396.8,157454.8,3.9,"64,60,52,260,52,1500,1500,52,215,52,127,58,97,52,103,52,408,362,52,992,52,112,52,408,361,52,992,107,86,52,52,52","11,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,0","4.566831589,5.323234081,5.131024837,5.723237514,5.246409416,7.251158237,7.324303627,5.131024837,6.880544662,5.169486523,6.374709129,5.113821983,6.051860332,5.246409416,5.890006065,5.169486523,7.472100735,7.415780067,5.176993370,7.832669258,5.131024837,6.117320061,5.131024361,7.427300930,7.397639751,5.246409416,7.802502632,6.080207348,5.833016396,5.207947731,5.207947731,5.131024361",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,""
 1,ip4,192.168.1.7,52.32.196.36,tcp,53116,443,info,17,15,1484319032986624,1484319033498318,1484319033554363,0,0,1448,1448,4381,7721,0,191,34820.4,199917,47580.3,2263883008.0,3.8,"45497,51828,277,66352,510,13769,75518,25611,26489,15622,271,195,60990,421,44123,5113,191,57731,67780,234,2712,130987,13830,8367,10032,8058,2353,2270,141147,1238,199917",52,430.8,1500,557.4,310647.7,4.0,"64,60,52,284,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,728,52,1500,415,1500,52,1116,52,261,52,101,52,1436,567,52","10,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0","5,2,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,0,0,1","4.598081589,5.335815907,5.169486523,5.856084347,5.169486523,7.248301983,7.321610928,5.246409893,7.068851471,5.132945538,6.268332958,5.113822460,5.960739613,5.092563629,6.027123928,5.207948208,7.879599094,7.736606598,5.169486523,7.866442680,7.495402336,7.875605583,5.207948208,7.821874619,5.092563152,7.123493671,5.131024837,6.085196495,5.169486523,7.864480019,7.601682663,5.169486523",,,,,,,,""
 1,ip4,192.168.1.7,52.89.39.139,tcp,53133,443,info,16,16,1484319035080111,1484319035720714,1484319035719060,0,0,1448,1448,2402,12882,0,143,41275.9,350146,77246.2,5966969856.0,3.5,"50833,52103,3892,68860,549,14675,80527,16948,16635,16128,355,222,66675,773,50716,3176,284,61420,291182,143,350146,11846,12750,24110,12460,12309,13854,13662,2679,13302,16338",52,530.2,1500,630.5,397553.6,4.0,"64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,672,52,1500,1500,52,1500,1402,52,1500,52,237,52,1500,1019,52","11,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,7,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0","4.598081589,5.235815525,5.131024837,6.023412704,5.154969215,7.255973339,7.303249359,5.092563152,7.001137733,5.056022167,6.255658627,5.007929802,6.001976490,5.169486523,5.942530632,5.054101467,7.891292572,7.683557510,5.169486523,7.859122753,7.883965492,5.131024837,7.876591682,7.866814137,5.092563152,7.900776386,4.979098797,7.052536488,5.054101467,7.870380402,7.793371201,5.131024361",,,,,,,,""
-1,ip4,192.168.1.7,104.86.97.179,tcp,53141,443,finished,21,11,1484319036854344,1484319036983563,1484319036982334,0,0,227,1448,1128,5359,0,142,8297.1,40245,10476.7,109761248.0,3.9,"11378,14427,1674,21129,2857,316,24018,10358,7406,16914,385,833,30795,4734,18083,26013,249,318,147,231,142,435,4518,193,40245,7107,5353,4161,461,364,1965",52,255.3,1500,414.2,171525.6,3.9,"64,60,52,279,52,1500,1500,52,570,52,127,58,97,52,103,52,105,102,94,200,141,141,141,141,140,120,52,90,90,392,1500,52","8,5,6,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,2,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0","4.555036545,5.323234081,5.207947731,5.708015442,5.315825462,7.096366405,7.275357246,5.207947731,7.575589180,5.169486046,6.308334827,5.148305416,5.977168083,5.315825462,5.945915222,5.169486046,6.131762028,6.032381535,6.018351078,6.868569851,6.437176704,6.436284542,6.462777138,6.552643299,6.572731972,6.440443993,5.193430901,5.968302250,5.976224422,7.489761353,7.869163990,5.284871101",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,""
 1,ip4,192.168.1.7,52.89.39.139,tcp,53132,443,info,17,15,1484319035079531,1484319042786338,1484319042922798,0,0,1448,1448,4576,5220,0,147,501615.3,7507819,1826252.6,3335198867456.0,1.4,"49499,50871,4368,54319,2439,996,53513,42973,42827,12725,273,205,57417,5098,49336,4198,388,49955,75766,32147,2030,911,5107,4712,147,7402221,150,7507819,929,35745,990",52,358.8,1500,520.7,271128.8,3.8,"64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474","10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1","4.566831589,5.335815907,5.094483852,6.025682926,5.169486523,7.256491661,7.325493813,5.092563152,7.129077435,5.092563152,6.393805504,5.100806713,6.014647961,5.169486523,5.965332508,5.169486523,7.872792244,7.651345730,5.207947731,5.207948208,6.796521664,6.094137192,5.926040173,5.169486523,5.207948208,5.169486046,7.868273258,7.747731686,5.169486046,5.169486523,7.861037254,7.536938190",,,,,,,,""
 1,ip4,192.168.1.7,184.25.204.25,tcp,53149,80,finished,7,25,1484319043013015,1484319044532732,1484319044504314,0,0,245,1448,245,33304,0,6882,97129.5,1300093,229777.6,52797755392.0,3.4,"22705,29125,36813,70338,13255,32378,25989,101810,6882,28009,25233,44994,56409,27146,27165,53793,54320,26078,52109,80662,53766,398536,54325,39942,109640,40469,26128,51507,108074,13323,1300093",52,1101.9,1500,637.7,406609.6,4.6,"64,60,52,297,52,1500,1500,1500,52,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,80","6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0","4.538909912,5.312702179,5.079966545,5.942044735,5.308815479,7.330718994,7.743900776,7.712044239,5.233813286,5.000318527,7.842275620,7.821234226,5.156889915,7.816409111,7.847937107,7.841120243,7.664994240,7.793088913,7.822535038,7.766201496,7.754564285,7.803048134,7.810695171,7.784301758,7.848053455,7.850491524,7.814136028,7.845249176,7.833446503,7.828612804,7.832110882,5.393421650",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,""
 1,ip4,192.168.1.7,54.201.191.132,tcp,53151,80,finished,12,20,1484319048780859,1484319049236027,1484319049229808,0,0,1448,1448,2612,21687,0,193,29165.1,187154,42322.7,1791214592.0,4.0,"44122,45598,3902,10660,193,60003,5736,990,135055,302,187154,5655,5706,13881,14022,13277,14383,27821,13324,13128,9212,13280,22521,13399,39251,13309,13303,13855,13324,13288,124463",52,812.3,1500,674.9,455511.9,4.4,"64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64","9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0","0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0","4.538909912,5.279368401,5.156889915,5.705281258,5.964499474,6.056532860,5.272274971,5.272274494,5.310736179,6.005652428,5.696421623,5.094483852,6.091891766,5.233812809,5.866946220,5.038780212,5.796521664,5.782927513,5.195351601,5.831374168,5.233812809,5.802160263,5.817751884,5.195351124,5.813166142,5.771504402,5.781269550,5.780963898,5.817500591,5.785477638,5.779314995,5.163660049",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,""
@@ -10,7 +9,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip4,192.168.1.7,23.246.11.145,tcp,53163,80,finished,11,21,1484319050652467,1484319051912595,1484319051940613,0,0,356,1448,356,28027,0,3794,82202.4,651024,153564.6,23582076928.0,3.6,"24769,26290,3794,42485,4828,43771,27157,40474,69366,43854,44827,78254,38808,79815,102619,28781,14718,354324,85041,14066,12423,12747,651024,22850,582496,8619,27490,16417,16392,14698,15077",52,940.8,1500,683.5,467159.1,4.5,"64,60,52,408,567,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,80,1500,1500,1500,1500,64,52,1500,1500,52,1500,52,1500,1500","10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0","0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1","4.550704956,5.312702179,5.103910923,6.388577938,5.862974167,3.576230049,5.195351124,2.528419971,2.540967226,5.077241421,2.547356844,5.115703106,2.543488026,2.552008152,2.558917999,3.816826105,3.805565357,3.816280365,5.256690979,3.890866995,3.462315798,3.461706400,3.458227158,5.071470261,5.154164314,3.470844507,3.517976761,5.154164314,3.546975851,4.955154419,3.560742617,3.579237461",HTTP,7,0,Acceptable,Web,6,DPI,"12"
 1,ip4,192.168.1.7,23.246.10.139,tcp,53164,80,finished,13,19,1484319052216458,1484319053577715,1484319053589492,0,0,356,1448,356,25132,0,1043,88202.9,638852,151898.7,23073200128.0,3.7,"18792,21375,5144,35741,1043,5439,35508,13242,13983,20324,20435,13235,116191,170244,28107,56564,51631,31663,27571,12760,327583,131379,638852,579987,19881,15021,30035,13582,42286,118688,118005",52,851.9,1500,697.4,486427.5,4.4,"64,60,52,408,568,1500,1500,52,1500,52,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,80,1500,80,1500,72,1500,64,52,1500,52,1500","12,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1","4.451259136,5.200120449,5.003043175,6.363925457,5.826877117,3.573564768,2.540809155,5.079966545,2.553215742,4.950064659,2.546205282,4.961856842,2.557531357,4.985801220,2.554388523,2.558952808,3.302551985,3.777240515,3.820478201,3.802512646,3.817392588,5.302858829,3.877096891,5.277858257,3.521096945,5.267232895,3.547756672,5.124750137,4.947339535,3.545200109,4.894361019,3.575657606",HTTP,7,0,Acceptable,Web,6,DPI,"12"
 1,ip4,192.168.1.7,23.246.3.140,tcp,53171,80,finished,10,22,1484319054101585,1484319054294236,1484319054480080,0,0,354,1448,354,29479,0,2187,18424.1,44333,10032.7,100655136.0,4.7,"30791,32492,5528,44333,2187,41107,2921,12763,15575,14938,14982,12802,12713,26425,12767,11943,13284,17180,31033,13321,13566,25571,14329,13905,26660,13805,13288,27210,13255,13305,27167",52,984.9,1500,672.7,452466.1,4.5,"64,60,52,406,571,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0","0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1","4.527114868,5.266787052,5.118428230,6.362258911,5.831311226,3.571949720,5.233812809,2.540643215,2.558721066,5.195351124,2.550262213,5.038779736,2.557194710,2.582848072,5.195351124,2.547422886,5.038780212,2.553757429,2.570932388,5.195351124,2.541049719,5.115703106,3.780845165,3.769821644,3.779848337,3.819229603,3.784283876,3.803048134,3.786687374,3.790169001,3.883657932,3.464622736",HTTP,7,0,Acceptable,Web,6,DPI,"12"
-1,ip4,192.168.1.7,184.25.204.24,tcp,53153,80,finished,18,14,1484319049672494,1484319054604684,1484319054632485,0,0,216,1448,216,17376,0,2986,319102.6,4093620,811857.0,659111739392.0,2.8,"24907,27714,2986,28468,27857,27840,80258,56838,56993,49295,90365,82473,40903,66540,53920,192092,80506,134732,711253,22984,31289,47833,1645394,40376,54849,160828,1864439,25699,40451,28479,4093620",52,611.1,1500,689.4,475329.8,4.0,"64,60,52,268,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,80,80,80,80,80,80,80,80,72,64,64,52,1500","17,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1","4.570159912,5.312702179,5.132945538,5.890671253,5.308815479,5.345861435,5.004974365,5.272274494,6.923064709,5.053297043,7.872980118,5.163660049,7.695485115,7.810632706,7.851381779,7.826048851,7.839385986,7.837315559,7.867424488,5.267898560,5.317898273,5.317898273,5.283462048,5.393421650,5.418421745,5.418421268,5.387294292,5.247972012,5.216578960,5.247828960,5.156889915,7.848117828",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"25"
 1,ip4,192.168.1.7,23.246.11.141,tcp,53180,80,finished,21,11,1484319056241489,1484319059351882,1484319059371795,0,0,360,1448,360,13550,0,394,201312.9,2097549,403399.4,162731114496.0,3.6,"61813,72267,473,134860,394,125851,1162295,73601,899,212949,11519,409208,101075,1892,70852,2097549,79500,52131,129820,120649,42895,59919,67076,69354,174355,284029,29385,65003,252681,150502,125903",52,493.7,1500,638.1,407212.3,3.9,"64,60,52,412,570,1500,52,80,80,80,80,80,80,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,52,1500","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1","4.601409912,5.346035957,5.041505337,6.346901894,5.793770790,4.440931797,5.065449238,5.202858448,5.202857018,5.262294292,5.341651440,5.366651535,5.317899227,5.165874004,5.228374004,5.195351601,4.782721043,5.156889915,4.790072441,5.101186275,4.825405598,4.817777157,5.233812809,4.752513409,5.024262905,4.806689262,5.165874004,5.195351124,5.195351124,4.632717133,5.024262905,4.635102272",HTTP,7,0,Acceptable,Web,6,DPI,"12"
 1,ip4,192.168.1.7,23.246.11.141,tcp,53177,80,finished,20,12,1484319056233255,1484319060551613,1484319060618267,0,0,360,1448,360,13563,0,135,280753.9,1046959,300914.6,90549583872.0,4.2,"43730,45845,23628,124789,4917,111637,635898,176069,176,135,41643,37401,940199,857,45449,434520,483806,1046959,74656,202356,418896,472205,955340,169880,525271,694311,167240,252312,98045,326303,148897",52,490.1,1500,638.9,408170.9,3.9,"64,60,52,412,571,1500,52,72,72,64,64,64,52,88,1476,52,52,52,1500,1500,52,52,52,1500,52,52,1500,52,1500,1500,52,1500","19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1","4.527114868,5.312702179,5.003043652,6.355251789,5.803568363,4.440690517,5.118427753,5.277718067,5.249940395,5.146419048,5.208919048,5.134624004,5.056021690,4.908463001,4.253908634,5.156889915,5.156889439,5.118427753,4.918218613,4.902011871,5.000318050,5.118427753,5.118427753,4.876659870,4.985801220,5.017560482,4.758782864,4.961856365,4.610503674,4.658255100,5.118427753,4.789437294",HTTP,7,0,Acceptable,Web,6,DPI,"12"
 1,ip4,192.168.1.7,23.246.11.141,tcp,53175,80,finished,20,12,1484319056221799,1484319060594060,1484319060664663,0,0,357,1448,357,14998,0,569,284358.9,1636184,362564.9,131453321216.0,4.0,"16087,19422,23622,88585,4002,82236,1105315,26930,21843,19608,569,13093,381586,1636184,66410,119030,421421,408128,882662,90167,143374,490378,519431,92259,120978,487097,597701,217631,227512,270000,221864",52,536.6,1500,657.9,432827.8,3.9,"64,60,52,409,570,1500,52,72,72,72,64,64,64,64,1500,1500,52,64,52,1500,1500,52,52,1500,1500,52,52,1500,52,1500,64,1500","19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1","4.538909912,5.333454132,5.142372608,6.390935421,5.823237419,4.453172207,5.118427753,5.333272934,5.385473251,5.387441158,5.216578960,5.208919048,5.216578960,5.228374004,3.805912256,4.418298721,5.156889915,5.072124004,5.233813286,4.401393414,4.419836998,5.233812809,5.195351124,4.383244514,4.387027740,5.233812809,5.209868431,4.311857224,5.000318527,4.386717796,5.240169048,4.585660934",HTTP,7,0,Acceptable,Web,6,DPI,"12"
@@ -29,8 +27,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip4,192.168.1.7,52.37.36.252,tcp,53203,443,info,22,10,1484319064711690,1484319065635020,1484319065630720,0,0,1448,1448,19082,3110,0,105,59431.0,332646,83335.9,6944879104.0,3.8,"69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549",52,746.1,1500,703.8,495333.0,4.2,"64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500","6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0","6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0","4.578626633,5.323234081,5.169486046,5.810972691,5.131024837,7.231025219,7.326107502,5.154969215,6.940334797,5.169486523,6.230382919,5.079339504,6.149899960,5.207948208,5.992234230,5.193430901,7.859437466,7.874912739,7.853219032,5.207947731,7.901949883,7.848706245,7.875315189,7.851129055,5.207947731,7.874441147,7.863263607,7.860793114,7.870314598,5.207947731,7.870880127,7.866354465",,,,,,,,""
 1,ip4,192.168.1.7,23.246.11.141,tcp,53184,80,finished,16,16,1484319064593980,1484319066015206,1484319066064571,0,0,515,1448,1024,19133,0,2593,93284.4,471964,119313.2,14235634688.0,4.1,"26070,27491,2593,46530,5363,49411,29634,29502,8466,38422,5397,39840,38400,39693,140326,138333,356578,206910,471964,29274,417442,40849,81521,44012,43364,83015,187750,28619,25160,184386,25502",52,684.8,1500,659.1,434476.8,4.2,"64,60,52,561,621,1500,52,663,52,567,629,1500,52,1500,52,1500,1500,80,1500,64,52,1500,1500,52,1500,52,1500,72,64,52,1500,1500","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,0,0,0,1,1","4.570159912,5.266787052,5.065449715,6.275901794,5.797811985,4.453124046,5.118428230,4.223619461,5.089393616,6.289565086,5.782683849,3.849286318,5.103911400,6.893377781,5.000318050,7.605064869,7.871351719,5.248013020,7.860187054,5.187250137,5.077241421,7.867404461,7.859804153,5.065449238,7.885848045,5.000318527,7.863960743,5.267232895,5.115169048,5.079966545,7.857268333,7.882204533",HTTP,7,0,Acceptable,Web,6,DPI,"12"
 1,ip4,192.168.1.7,23.246.3.140,tcp,53183,80,finished,17,15,1484319064590230,1484319066598421,1484319065741809,0,0,512,1448,1017,17969,0,5292,101928.1,730898,155663.8,24231225344.0,4.0,"30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720",52,648.3,1500,653.4,426995.3,4.2,"64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0","4.476409912,5.212701797,5.156889915,6.230133057,5.778679371,3.867035151,5.079966545,6.195135117,5.745929718,3.167200804,5.094483852,7.856627464,7.824065208,7.816611290,5.331886292,5.165874004,5.118428230,7.781126976,7.831735134,5.118428230,7.778219700,4.961856365,5.882567406,7.827349663,5.103910923,7.794489861,4.961856365,7.814080238,4.958919048,5.244518280,5.083919048,5.079966545",HTTP,7,0,Acceptable,Web,6,DPI,"12"
-1,ip4,192.168.1.7,23.246.11.133,tcp,53210,80,finished,14,18,1484319070636683,1484319072360005,1484319072357645,0,0,515,1448,1024,21986,0,3710,111105.9,530041,160200.4,25664157696.0,3.9,"18406,19875,3710,28859,18073,45753,41559,39617,18474,45294,5405,31729,29350,29485,41132,41119,82225,87690,42083,64319,51529,299907,159779,515651,435957,526591,530041,39964,69880,40403,40425",52,772.9,1500,666.8,444580.8,4.3,"64,60,52,561,620,1500,52,621,52,567,629,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,80,1500,64,1500,52,1500,1500,52,1500,52","12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,1,0,1,0,1,0,1,1,0,1,0","4.488204956,5.300120354,5.156889915,6.256848335,5.804110050,4.454978466,5.233812809,4.247903824,5.156889915,6.243398190,5.778408527,3.438887596,5.156889915,7.007576466,5.077241421,6.349354744,3.910008192,5.103911400,7.877290249,7.845316887,7.839955807,7.878695488,5.416651249,7.863180637,5.208919048,7.866981983,5.156889915,7.868912697,7.868783951,5.233812809,7.847263813,5.077241421",HTTP,7,0,Acceptable,Web,6,DPI,"12"
-1,ip4,192.168.1.7,23.246.11.141,tcp,53217,80,finished,13,19,1484319091296070,1484319091784359,1484319091750098,0,0,518,1448,1027,23476,0,186,30397.3,286066,49910.1,2491019008.0,4.0,"13013,14780,4042,30273,839,3652,30261,186,16542,35559,2040,21479,3192,3317,13322,13300,26482,13309,13526,13848,42739,56409,14727,15199,71007,25498,25497,25504,51553,55156,286066",52,819.0,1500,665.8,443241.7,4.4,"64,60,52,561,620,1500,663,52,52,570,629,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,72","11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0","0,1,0,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,0","4.538909912,5.333454132,5.156889439,6.262038231,5.768496513,4.449262142,4.226318359,5.012470722,5.065449238,6.248849392,5.763326645,4.335525513,5.142372608,7.149711609,4.961856842,7.863347054,7.873285294,5.156889915,7.863232136,5.000318050,7.860691547,7.874946594,5.195351124,7.870134830,5.038779736,7.881839275,7.859775066,7.865787983,7.856745243,7.858184338,7.871532917,5.415219307",HTTP,7,0,Acceptable,Web,6,DPI,"12"
 1,ip4,192.168.1.7,52.41.30.5,tcp,53249,443,finished,16,16,1484319117826887,1484319118140455,1484319118145946,0,0,1448,1448,2205,9578,0,140,20407.3,141407,28956.2,838464256.0,3.9,"52701,54230,4655,50068,892,45987,1145,402,2281,621,48897,36085,58570,140,1031,141407,13303,12185,4698,8739,8491,4498,3692,4536,12375,12816,15153,13884,6123,6182,6840",52,420.8,1500,506.4,256458.0,4.1,"64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707","12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.494096756,5.269149303,5.100070000,6.003353119,5.215455055,6.547097206,5.138531685,5.182787418,6.044509888,7.866807461,7.609665394,5.140452385,5.215455055,7.873748302,6.994494438,7.847311020,5.138531685,7.632858276,5.138531685,7.760740280,5.176993370,7.540992260,5.061608315,7.843688965,5.176993370,7.880697250,5.138531685,7.689140797,5.100070000,7.779115677,5.138531685,7.737319469",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,"15"
 1,ip4,192.168.1.7,52.41.30.5,tcp,53239,443,info,17,15,1484319117605859,1484319118414034,1484319118767393,0,0,1448,1448,4896,7589,0,95,63539.0,500942,121518.7,14766798848.0,3.3,"58292,61223,1798,70566,2939,1016,71265,11570,12325,13054,147,95,65707,781,52265,3649,191,91649,51753,301,140150,3732,3446,3903,5462,6438,5030,437212,863,500942,291945",52,442.8,1500,552.3,305076.8,4.0,"64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500","10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1","4.586286545,5.335815430,5.169486523,4.098951340,5.025067329,7.251211166,7.301212311,5.207947731,7.012731075,5.246409416,6.273766041,5.113821983,5.990005016,5.132945538,5.992234230,5.246409893,7.870625973,7.755266190,5.171407223,7.853860855,7.522392750,5.169486046,7.574260712,5.131024361,7.742949009,5.207947731,5.956426620,5.207947731,7.856410503,7.668289185,5.038780212,7.883280277",,,,,,,,""
 1,ip4,192.168.1.7,184.25.204.10,tcp,53252,80,finished,6,26,1484319118658049,1484319118854817,1484319119584735,0,0,245,1448,245,34752,0,508,36240.5,99830,21554.2,464585632.0,4.7,"16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489",52,1146.7,1500,613.3,376142.5,4.7,"64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,""
diff --git a/test/results/flow-analyse/pinterest.pcap.out b/test/results/flow-analyse/pinterest.pcap.out
index 8f6678392..dd7cab743 100644
--- a/test/results/flow-analyse/pinterest.pcap.out
+++ b/test/results/flow-analyse/pinterest.pcap.out
@@ -5,7 +5,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2600:1901::7a0b::,tcp,47032,443,finished,18,14,1605289714558209,1605289714795031,1605289714793606,0,0,517,1208,1778,5802,0,0,15232.9,132689,29577.9,874849472.0,3.1,"23500,23520,222,32278,1902,1,0,33966,35,25,324,0,242,8,1731,75,102,35078,5741,3731,0,1,42641,14,135,39228,93613,132689,1225,118,74",72,309.4,1280,401.1,160869.7,4.1,"80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571","11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0","4.656593323,5.123788357,5.017778397,4.494572163,4.850525856,7.806178570,7.820445061,7.825618267,4.990000248,4.985159874,5.017777920,7.793226242,6.582598209,5.045556068,5.045556068,6.051473618,6.341272354,7.424715996,4.850525856,4.812263489,7.613498688,5.540113449,4.850525856,5.073333740,5.073333740,5.737332821,4.822747707,7.185048103,5.017778397,5.884420395,6.843392372,7.591670513",TLS,91,1,Safe,Web,6,DPI,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:7854,tcp,33280,443,info,16,16,1605289714658043,1605289714873020,1605289714873010,0,0,517,1048,1043,6264,0,0,13869.2,89623,22425.8,502918720.0,3.3,"39835,39893,388,39880,1850,1,41296,35,60,0,18,4,565,0,563,29,2922,2605,564,39805,119,1086,1924,0,36819,15,203,49740,40102,0,89623",72,300.8,1120,374.8,140490.0,4.1,"80,80,72,589,72,1120,1120,72,72,1120,1120,72,72,1120,154,72,72,165,171,368,72,72,72,330,138,72,72,110,72,516,246,72","11,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,2,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0","4.759509563,5.142373085,5.117740154,4.564804554,4.953123093,6.789499283,4.442035198,5.175263882,5.103079796,6.610801220,7.126421452,5.203041553,5.203041553,7.603042603,6.151700974,5.175263882,5.175263882,6.101224422,6.300935745,7.262635231,4.980900764,5.036456108,4.980900764,7.043718815,6.196548939,5.175263882,5.175263882,5.631328106,5.036456108,7.479037762,6.852047443,5.230819225",,,,,,,,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a04:4e42:1d::720,tcp,57050,443,info,16,16,1605289714782619,1605289714902517,1605289714903070,0,0,517,1388,1077,12561,0,0,7753.2,50337,15382.7,236626480.0,2.9,"50290,50337,220,31719,3102,0,34561,13,675,659,1179,1,1182,11,2643,116,155,32346,0,0,0,1,29460,6,548,1,0,514,15,6,589",72,498.7,1460,595.9,355070.7,4.0,"80,80,72,589,72,1460,1460,72,72,1460,72,1460,1205,72,72,165,171,440,72,72,72,330,138,72,72,1460,1460,1460,72,72,72,1460","12,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,8,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0,0,0,1","4.703702927,5.136080265,5.124309540,4.545345783,5.017591953,6.717867374,4.853471756,5.096531868,5.124309540,7.395221710,5.124309540,7.321218014,7.643990993,5.124309540,5.152087212,5.949683189,6.333797455,7.364598274,5.017591953,5.017591953,4.989814281,7.067564487,6.163845539,5.152087212,5.124309540,7.852941513,7.865815639,7.871354580,5.096531868,5.124309540,5.053668499,7.834792614",,,,,,,,""
-1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:816::2003,tcp,51582,443,finished,16,16,1605289715133578,1605289715335705,1605289715335669,0,0,517,1208,987,9735,0,0,13039.3,76867,25126.2,631323968.0,2.8,"76818,76867,1845,47286,29961,0,0,75361,6,2,2110,577,1618,47934,0,0,88,0,1,0,1,1,1,0,43713,12,4,2,3,3,4",72,407.6,1280,486.0,236213.0,4.1,"80,80,72,589,72,1280,1280,342,72,72,72,136,164,386,72,72,72,652,103,470,1280,1280,1280,1280,1280,72,72,72,72,72,72,72","12,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0","4.791396141,5.261173248,5.175122738,4.488063812,5.118321419,7.805737019,7.818699837,7.306349754,5.164638519,5.175123215,5.175123215,6.012620926,6.475091934,7.352373600,5.107836723,5.135614395,5.163392067,7.573746204,5.684781551,7.517905235,7.836332798,7.835289955,7.831481934,7.851193428,7.838675499,5.164638519,5.126376152,5.230678558,5.185607433,5.230678558,5.175123215,5.230678558",TLS.Google,91.126,1,Acceptable,Web,6,DPI,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:806::200e,tcp,54416,443,finished,16,16,1605289715221747,1605289715430506,1605289715430565,0,0,517,1208,965,10223,0,0,13470.2,79486,22212.4,493390560.0,3.3,"51607,51735,639,27991,20462,0,1,47699,14,8,3349,184,136,69956,1,28,13172,79486,329,8681,8388,16746,3,2,2,16717,40,14,21,164,2",72,422.1,1280,496.1,246097.6,4.1,"80,80,72,589,72,1280,1280,312,72,72,72,136,164,333,72,72,72,652,72,103,103,72,988,1280,1280,1280,72,72,72,72,1280,1280","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,1,0,0,0,0,1,1","4.905388832,5.201737404,5.194384098,4.447809696,5.069574356,7.796703339,7.816472054,7.245393753,5.222161770,5.194384098,5.194384098,6.221469402,6.666475773,7.225831985,5.059089661,5.086867332,5.097352028,7.629415512,5.222161770,5.833802700,5.730946064,5.211677074,7.792719841,7.812408924,7.862325191,7.810635090,5.211677074,5.249939442,5.222161770,5.222161770,7.816607952,7.836236000",TLS.Google,91.126,1,Acceptable,Web,6,DPI,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a03:2880:f030:13:face:b00c::3,tcp,51292,443,finished,18,14,1605289715274358,1605289715471680,1605289715427326,0,0,517,1380,1347,5004,0,0,11299.7,93180,21751.5,473125984.0,3.0,"26987,27077,236,32338,1,0,32042,17,3873,399,116,64739,93180,2,1,290,2,3,2,24343,46,12,9,157,3,2,82,23,41,4388,39879",72,271.0,1452,368.4,135732.3,4.1,"80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199","12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0","5.086080074,5.358260632,5.421088219,4.582517624,5.325077534,7.824724197,7.800261974,5.487128258,5.459350586,6.217577457,6.494597435,7.339631081,7.344889641,5.269522190,5.231259823,5.286815166,7.021345615,6.361854553,5.947217464,7.648275852,5.393310547,5.421088219,5.393310547,5.448865891,7.531715393,7.878327370,6.086453915,5.448865891,5.421088219,5.365532398,5.884278774,6.731818199",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:805::2003,tcp,43562,443,finished,9,23,1605289716168715,1605289716199465,1605289716199511,0,0,158,1208,281,21058,1,0,1985.4,28590,6415.7,41161208.0,1.8,"202,23469,160,5107,2,28590,251,1,1,2,214,4,31,0,19,391,1,0,1,397,8,1304,0,0,1,0,1316,72,1,1,0",72,738.8,1280,578.2,334348.7,4.5,"230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280","7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0","0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1","6.948834896,6.675073147,5.125129700,5.125129700,6.977108479,7.855700493,5.182512760,7.824506283,7.846910477,7.827116013,7.838431835,5.116472721,5.137442112,7.839233875,7.849976540,5.154735088,7.852743149,7.835449219,7.826992035,7.859686375,5.182512760,5.182512760,7.806921482,7.824195862,6.883517742,5.810838699,6.706934929,5.109664440,7.833899021,7.836830139,7.838667870,7.830160618",TLS,91,1,Safe,Web,6,DPI,""
diff --git a/test/results/flow-analyse/quic-33.pcapng.out b/test/results/flow-analyse/quic-33.pcapng.out
index 622152ccd..bab73746f 100644
--- a/test/results/flow-analyse/quic-33.pcapng.out
+++ b/test/results/flow-analyse/quic-33.pcapng.out
@@ -1,2 +1 @@
 flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
-1,ip6,::1,::1,udp,51430,4443,finished,9,23,1607938456563491,1607938456569390,1607938456569730,53,0,1440,1440,3531,26643,0,15,391.5,3446,792.0,627294.4,3.2,"2813,127,21,3446,599,267,22,367,71,407,38,1140,1379,530,25,290,50,285,35,19,16,16,16,16,15,17,16,46,17,16,16",101,990.9,1488,605.0,366070.2,4.6,"1280,1280,791,1488,101,103,195,103,1280,1280,359,1488,487,231,103,103,103,103,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488","0,4,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0","0,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,15,0,0","0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1","7.803868771,7.809453964,7.636795044,7.827753067,4.482279301,4.907669544,6.029671192,4.876163006,7.831148624,7.774451256,7.038985729,7.835481644,7.443472862,6.574716568,4.842088223,4.868834019,4.744999409,4.934416294,7.840272427,7.834603786,7.829602718,7.819114208,7.856932640,7.836608410,7.829055309,7.839015007,7.837625027,7.848807812,7.847033501,7.843163967,7.839411736,7.808558464",QUIC,188,1,Acceptable,Web,6,DPI,"5,24"
diff --git a/test/results/flow-analyse/quic-v2-01.pcapng.out b/test/results/flow-analyse/quic-v2-01.pcapng.out
index e9ced2aba..bab73746f 100644
--- a/test/results/flow-analyse/quic-v2-01.pcapng.out
+++ b/test/results/flow-analyse/quic-v2-01.pcapng.out
@@ -1,2 +1 @@
 flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
-1,ip4,192.168.56.1,192.168.56.198,udp,34229,4443,finished,9,23,1643108746209343,1643108746213653,1643108746213782,55,0,1440,1440,3681,28445,0,3,282.2,2611,585.9,343297.1,3.2,"2220,34,85,2611,15,161,480,75,75,407,511,344,364,20,7,7,7,5,8,6,304,236,17,5,4,4,3,7,5,393,329",83,1031.9,1468,592.8,351417.0,4.7,"1280,1280,752,1468,431,1468,211,83,83,467,83,83,211,1468,1468,1468,1468,1468,1468,1468,1468,83,1468,1468,1468,1468,1468,1468,1468,1468,83,1468","0,4,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0","0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,18,0,0","0,1,1,1,0,0,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,0,1","7.859164715,7.830483913,7.691216469,7.861833572,7.535028458,7.857851028,7.014661312,5.904921532,5.971303463,7.551024437,6.091784954,5.908110142,7.010611057,7.856127262,7.862607956,7.865868568,7.851809502,7.870316029,7.876718044,7.846899033,7.842083454,5.832632065,7.868857384,7.869379997,7.866369724,7.853280067,7.852721214,7.849537849,7.868902206,7.856405258,5.923110962,7.879580021",QUIC,188,1,Acceptable,Web,6,DPI,"5,24"
diff --git a/test/results/flow-analyse/quic_t51.pcap.out b/test/results/flow-analyse/quic_t51.pcap.out
index 2803d602d..bab73746f 100644
--- a/test/results/flow-analyse/quic_t51.pcap.out
+++ b/test/results/flow-analyse/quic_t51.pcap.out
@@ -1,2 +1 @@
 flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
-1,ip4,187.227.136.152,211.247.147.90,udp,55356,443,finished,14,18,1598620434413428,1598620467988515,1598620467941031,33,0,1350,1350,4666,8428,0,7,2164602.8,19582580,5209676.0,27140724621312.0,2.5,"5872,69285,110768,19,33,113561,2317,5835,79981,27,46402,10090862,10162287,246207,1361,7,331600,26165,19472426,19582580,120230,670,167,185037,26475,2999498,3090044,125889,1350,111,205624",53,437.2,1378,500.3,250315.8,4.1,"1378,1378,1378,1378,1378,1240,69,69,101,54,644,61,989,53,668,54,299,61,61,497,53,720,54,137,61,61,211,53,456,54,259,61","0,8,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","7,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0","0,1,0,1,1,1,0,0,0,1,1,0,0,1,1,1,1,0,0,0,1,1,1,1,0,0,0,1,1,1,1,0","7.869323730,7.856849670,7.844151974,7.845833778,7.865318298,7.844552517,5.639471054,5.726426601,6.218957901,5.208410263,7.701806545,5.635654926,7.814414501,5.246605873,7.688014030,5.353935242,7.329473972,5.701228619,5.602868080,7.546798706,5.284341812,7.731115818,5.282484531,6.512764931,5.557705879,5.570081234,6.968918324,5.284341812,7.518057823,5.231468201,7.265197754,5.557705879",QUIC.Google,188.126,1,Acceptable,Web,6,DPI,""
diff --git a/test/results/flow-analyse/reddit.pcap.out b/test/results/flow-analyse/reddit.pcap.out
index 170d9aded..38a643d5b 100644
--- a/test/results/flow-analyse/reddit.pcap.out
+++ b/test/results/flow-analyse/reddit.pcap.out
@@ -1,9 +1,7 @@
 flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80a::200a,tcp,40028,443,finished,16,16,1605291684451133,1605291684654464,1605291684654375,0,0,824,1208,2166,4508,0,0,13115.3,75646,23104.5,533820192.0,3.2,"24940,24984,493,75646,0,1,1,75219,11,11,8777,4975,582,741,37567,3490,25948,1187,485,1611,1121,59921,1,0,1,1,0,1,58810,38,10",72,281.1,1280,342.1,117045.1,4.2,"80,80,72,589,72,1280,1280,572,72,72,72,136,164,896,710,72,652,72,72,103,72,103,72,72,384,422,285,111,139,72,72,72","11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0","4.711516857,5.217300892,5.071401596,4.609335899,4.946592331,7.806063652,7.848966122,7.544353485,5.166606426,5.045011044,5.138829231,6.070029259,6.486535549,7.761092186,7.700193405,5.014019012,7.592603683,5.138829231,5.097352028,5.692110538,5.138829231,5.768221378,5.097352028,5.041796684,7.336868286,7.405985832,7.111319542,5.950567245,6.190017700,5.111051083,5.111051559,5.081305504",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56558,443,info,14,18,1605291684452132,1605291685883411,1605291685884221,0,0,517,1048,1120,9354,0,0,92366.7,1287577,306947.3,94216675328.0,1.8,"33174,33242,863,66592,1,1,1,1,65678,11,9,6,13203,712,517,42062,2,0,27621,483,471,1369,59921,136,1228856,1287577,855,2,1,1,0",72,399.8,1120,437.6,191482.0,4.2,"80,80,72,589,72,1120,1120,1120,587,72,72,72,72,165,171,445,72,330,72,72,138,72,110,72,72,1120,72,1120,1120,1120,203,1120","9,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,0,1,1,1,1,1","4.907011032,5.304951668,5.190349579,4.499736786,5.055853844,6.898099899,7.358309269,7.317547321,7.583971977,5.273682594,5.245904922,5.273682594,5.273682594,6.093073368,6.340588570,7.416254044,5.083631516,7.073973179,5.083631516,5.218127251,6.225534439,5.218127251,5.702238560,5.055853844,5.111409664,7.793631554,5.218127251,7.806817532,7.807598114,7.795763016,6.697732925,7.803894997",,,,,,,,""
-1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56564,443,finished,22,10,1605291686035769,1605291686160496,1605291686157690,0,0,1388,1048,3806,3988,0,0,7956.4,41517,14223.9,202320352.0,3.1,"29904,29917,129,38003,2302,1,40177,45,72,0,17,3,2699,111,630,30,181,4,41517,1269,39145,1579,42,7307,1546,7292,2107,217,138,38,226",72,316.1,1460,366.7,134435.4,4.3,"80,80,72,589,72,1120,1120,72,72,1120,592,72,72,165,171,361,391,1460,269,72,330,72,195,227,72,138,72,217,110,182,183,294","8,1,1,4,2,0,2,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0","4,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,0,0","4.882011414,5.304953098,5.179864883,4.549963951,5.111409664,6.918439388,7.329545975,5.245904922,5.188381195,7.346970558,7.538538456,5.218127251,5.245904922,5.939581871,6.414350033,7.179112434,7.152504921,7.613826752,6.820423126,5.139187336,7.056142330,5.190349579,6.550985336,6.538044453,5.083631992,6.217070103,5.162571907,6.655886650,5.512269497,6.450225830,6.518562317,6.906108856",TLS.Reddit,91.205,1,Fun,SocialNetwork,6,DPI,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56578,443,info,15,17,1605291686060652,1605291686199280,1605291686201936,0,0,517,1048,1550,9238,0,0,9029.4,48292,15572.2,242494768.0,3.2,"38700,38720,198,38531,1,38345,41,14,329,0,334,4,2216,2804,187,210,6465,48292,2910,39329,6844,2704,1,9551,251,801,2129,0,0,1,0",72,409.6,1120,435.5,189657.0,4.2,"80,80,72,589,72,1120,72,1120,72,1120,602,72,72,165,171,436,468,115,72,330,72,72,72,138,72,110,72,1120,1120,1120,1120,1120","8,2,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1,1,1,1,1","4.734510422,5.203058243,5.273682594,4.560284615,5.139187336,6.919415474,5.273682594,7.320698738,5.273682594,7.355862617,7.598192215,5.301460266,5.301460266,6.043826580,6.386544228,7.400215149,7.219000340,5.771939278,5.139187336,7.067717552,5.190349579,5.055854321,5.055854321,6.171116352,5.245904922,5.665874481,5.111409664,7.825948715,7.822474480,7.825513840,7.821124554,7.834854126",,,,,,,,""
-1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56582,443,info,17,15,1605291686064532,1605291686204966,1605291686203988,0,0,517,1048,1563,5635,0,0,9028.7,60278,18333.8,336128832.0,2.7,"36077,36109,144,41300,1,41154,44,17,686,0,689,5,2344,1105,220,36,172,60278,1038,0,57438,31,0,0,0,1,0,25,34,2,940",72,297.4,1120,353.7,125114.1,4.2,"80,80,72,589,72,1120,72,1120,72,1120,576,72,72,165,171,446,359,227,72,330,72,72,138,72,72,72,1120,687,72,72,72,110","10,1,1,1,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,1,1,0,0,0,0","4.791447639,5.270516872,5.273682594,4.464357376,5.111409664,6.904564381,5.273682594,7.359911442,5.273682594,7.337382793,7.522022247,5.273682594,5.273682594,6.074471474,6.455021381,7.426345348,7.089967251,6.816715717,5.083631992,7.110243320,5.083631992,5.218127251,6.187361240,5.008678436,5.036456108,5.064233780,7.784244537,7.688348293,5.230819225,5.245904922,5.235420227,5.565464973",,,,,,,,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56592,443,info,16,16,1605291686084954,1605291686233012,1605291686233017,0,0,517,1048,1107,8188,0,0,9552.3,52464,18854.0,355471904.0,2.8,"44627,44653,347,50980,1843,1,0,0,52464,10,3,2,2413,668,102,121,49031,1,45760,75,169,1186,0,1,1,1443,16,7,133,49,15",72,363.0,1120,422.8,178733.3,4.1,"80,80,72,589,72,1120,1120,1120,602,72,72,72,72,165,171,389,153,72,330,72,72,72,138,72,1120,1118,72,72,72,1120,72,1120","11,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,1,0,1","4.907011986,5.354953289,5.301460266,4.552157402,5.139187336,6.938700199,7.322981834,7.354511738,7.534717083,5.245904922,5.218127251,5.245904922,5.273682594,6.089848042,6.412801743,7.335155964,6.124976635,5.139187336,7.085140228,5.273682594,5.111409664,5.028076649,6.191080093,5.111409664,7.845114708,7.817538738,5.273682594,5.245904922,5.263197899,7.819205284,5.245904922,7.795106411",,,,,,,,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56594,443,info,17,15,1605291686301196,1605291686469619,1605291686468646,0,0,517,1048,1078,8227,0,0,10834.6,91996,22155.6,490868928.0,2.8,"25838,25880,395,66367,26055,91996,835,0,0,829,7,4,1579,121,254,42141,1,1,6209,0,2,0,0,1,46395,10,6,2,1,4,940",72,363.3,1120,424.0,179781.3,4.1,"80,80,72,589,72,1120,72,1120,1120,623,72,72,72,165,171,403,72,72,72,346,138,1120,1120,1120,1120,72,72,72,72,72,72,110","12,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0","4.907011986,5.304953098,5.301460266,4.568593025,5.139187336,6.968538761,5.258596897,7.334045410,7.344312668,7.577483654,5.301460266,5.329237938,5.301460266,6.086132526,6.472829342,7.337939262,5.128702641,5.166965008,5.166965008,7.241396427,6.241778851,7.834823132,7.795830250,7.800470352,7.816886902,5.273682594,5.301460266,5.273682594,5.329237938,5.301460266,5.329237938,5.684057236",,,,,,,,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:805::2002,tcp,50960,443,finished,16,16,1605291686985114,1605291687110047,1605291687110135,0,0,517,1208,965,10234,0,0,8063.0,43636,14163.2,200595904.0,3.1,"31477,31507,233,36835,7050,0,43636,16,599,576,2431,165,135,37718,689,1069,36764,111,89,22,531,8580,9121,90,75,174,0,158,5,98,0",72,422.5,1280,490.0,240053.7,4.1,"80,80,72,589,72,1280,1280,72,72,533,72,136,164,333,72,72,652,72,103,72,103,72,778,72,1280,72,1280,1280,72,72,1280,1280","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,1,1","4.794175148,5.301737785,5.137723446,4.609352589,5.163392067,7.822265148,7.828993320,5.193279266,5.193279266,7.574356556,5.165501595,6.187675953,6.451539040,7.193062782,5.135614395,5.135614395,7.646523952,5.182794571,5.842692375,5.165501595,5.903290272,5.163392067,7.712309837,5.193279266,7.843823910,5.165501595,7.846527100,7.838549614,5.193279266,5.165501118,7.822370052,7.826137066",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,""
@@ -13,7 +11,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:789d,tcp,48240,443,info,17,15,1605291687514756,1605291687641122,1605291687641103,0,0,517,1048,1012,8292,0,0,8152.0,61125,15844.6,251049776.0,2.9,"30377,30415,332,47450,13993,61125,95,1,0,49,10,2,3286,115,139,30628,2061,91,0,29231,1271,1309,181,374,3,2,1,161,6,3,2",72,363.2,1120,425.8,181298.7,4.1,"80,80,72,589,72,1120,72,1120,1120,704,72,72,72,165,171,337,72,72,72,330,72,138,72,110,1120,1120,1120,1120,72,72,72,72","12,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1,1,1,0,0,0,0","4.882011890,5.254952908,5.245904922,4.537001133,5.045369625,6.921907902,5.119708538,7.178970814,7.321282864,7.568989754,5.190349579,5.162571907,5.096531868,5.980709553,6.354322433,7.210721493,5.083631516,5.139187336,5.111409664,7.047548294,5.218127251,6.254519463,5.162571907,5.573678017,7.803915977,7.831707001,7.839641571,7.817306042,5.245904922,5.245904922,5.245904922,5.245904922",,,,,,,,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:816::2008,tcp,39520,443,finished,16,16,1605291687642048,1605291687769797,1605291687770512,0,0,517,1208,967,10018,0,0,8264.9,43870,14337.0,205550432.0,3.2,"34309,34348,1675,38053,7520,1,0,43870,15,3,2990,179,332,37258,1,401,1,34144,24,176,2332,6921,9068,836,1,863,34,109,28,721,0",72,415.8,1280,486.5,236643.5,4.1,"80,80,72,589,72,1280,1280,550,72,72,72,136,164,335,72,72,652,103,72,72,103,72,545,72,1280,1280,72,72,1280,72,1280,1280","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,1,0,0,1,0,1,1","4.845952988,5.276736736,5.138828754,4.602811337,5.041796684,7.803936958,7.832890034,7.552286625,5.166606426,5.194384098,5.194384098,6.037216187,6.610102654,7.276579857,5.041796684,5.041796684,7.656215668,5.660604000,5.183899403,5.183899403,5.788832664,5.069574356,7.590582848,5.222161770,7.845970631,7.817458153,5.222161770,5.222161770,7.842357159,5.222161770,7.846263409,7.836318970",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2620:116:800d:21:f916:5049:f87f:108e,tcp,48648,443,info,16,16,1605291687933355,1605291688258109,1605291688258300,0,0,517,1388,1296,10685,0,0,20958.0,180245,38814.9,1506599424.0,3.3,"41345,41375,239,45639,16078,1,0,61463,16,3,3880,365,125,94049,180245,10480,2,92307,53,428,5467,8019,1891,14882,15513,1,15533,36,263,0,1",72,446.9,1460,554.6,307585.9,4.0,"80,80,72,589,72,1460,1460,660,72,72,72,198,171,330,330,72,346,141,72,72,110,72,72,110,72,1460,1460,72,72,1460,1460,1460","10,1,0,2,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1","5.270193100,5.621731281,5.459350586,4.656135082,5.421088219,6.918155670,7.356199741,7.583865643,5.431572914,5.431572914,5.348239899,6.523558617,6.440567493,7.245548248,7.233427525,5.403794765,7.155272961,6.347721100,5.459350586,5.459350586,5.820535183,5.393310547,5.355048180,6.026633739,5.409216881,7.855928898,7.870290756,5.487128258,5.459350586,7.867146015,7.870689869,7.867941856",,,,,,,,""
-1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:806::200e,tcp,54862,443,finished,17,15,1605291687931808,1605291688275672,1605291688275738,0,0,517,1208,1514,8800,0,0,22186.9,168765,38280.1,1465366144.0,3.3,"34819,34839,225,53032,4946,57771,466,0,0,435,8,5,3584,2043,379,91732,168765,1823,72847,231,970,1993,2727,14555,61747,2,76315,38,696,685,116",72,394.8,1280,466.2,217386.3,4.1,"80,80,72,589,72,1280,72,1280,1280,272,72,72,72,136,164,477,477,72,652,72,103,72,103,72,72,813,1280,72,72,1280,72,1280","12,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,1,1,0,0,1,0,1","4.855388641,5.336174011,5.166606426,4.455770016,5.107836723,7.809723854,5.222161770,7.834493160,7.853783131,7.186578274,5.194384098,5.194384098,5.222161770,6.074600697,6.474341869,7.424253941,7.412911415,5.135614395,7.636740208,5.081305027,5.736714840,5.107836723,5.719827175,5.194384098,5.063430309,7.714984417,7.833517075,5.166606426,5.204868793,7.844364166,5.194384098,7.833867073",TLS.YouTube,91.124,1,Fun,Media,6,DPI,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::d83a:d1e6,tcp,51100,443,finished,18,14,1605291688324076,1605291688488430,1605291688495517,0,0,517,1388,1402,4278,0,1,10832.1,42730,14959.8,223794400.0,3.6,"41079,41100,165,31856,11033,42730,469,1,470,25,2812,1299,93,34223,10205,1,40205,536,1458,1,938,16571,1,3,16547,20,17,4417,310,12670,24540",72,250.0,1460,362.6,131502.0,4.0,"80,80,72,589,72,1460,72,1460,172,72,72,136,164,486,72,652,72,72,103,72,103,72,793,103,111,72,72,72,111,107,282,72","11,2,2,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1","4.857011318,5.329952717,5.273682594,4.540163040,5.139187336,7.843326092,5.273682594,7.862450600,6.539532185,5.273682594,5.273682594,6.134756088,6.541216850,7.446951866,5.166965008,7.636521339,5.100924969,5.273682594,5.932955742,5.111409664,5.777672768,5.263197899,7.737014294,5.703792095,5.962306976,5.301460266,5.329237938,5.329237938,6.057867527,5.878192425,7.107053280,5.166965008",TLS.Google,91.126,1,Acceptable,Advertisement,6,DPI,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::68f4:2ac8,tcp,56782,443,info,16,16,1605291687800179,1605291688483940,1605291688560007,0,0,517,1388,1460,4488,0,0,46567.4,216552,67587.7,4568099328.0,3.6,"29231,29299,228,29539,187299,216552,332,0,326,7,1815,188,30,70254,211900,6516,1,182884,58339,20162,41757,64,46,873,11694,10868,9898,6233,112514,128634,76106",72,258.4,1460,353.4,124913.6,4.1,"80,80,72,589,72,1460,72,1460,735,72,72,198,171,362,362,72,72,72,172,72,314,72,116,72,110,110,72,72,72,531,72,338","9,1,0,3,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1","4.822575092,5.245516300,5.245904922,4.574756145,5.111409664,6.787540913,5.218127251,7.353115559,7.586227894,5.162571907,5.190349579,6.362659931,6.273279667,7.149994850,7.138213634,5.083631992,5.055854321,5.055854321,6.419822216,5.083631992,6.981730461,5.245904922,5.900056362,5.218127251,5.636374950,5.857635021,5.190349579,5.083631992,5.083631992,7.496485710,5.175263882,7.287763596",,,,,,,,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2606:2800:134:1a0d:1429:742:782:b6,tcp,39736,443,finished,16,16,1605291688611238,1605291688786771,1605291688811895,0,0,523,1208,1624,5905,0,0,12135.2,51136,17866.3,319203328.0,3.5,"43010,43065,309,41280,10189,51136,400,38397,3509,41489,471,1,468,4,62,52,2291,169,102,38533,0,1,0,35978,9,3,58,5162,2233,17560,249",72,307.8,1280,396.4,157103.1,4.1,"80,80,72,589,72,171,72,595,72,1280,72,1280,1280,72,72,409,72,146,164,459,72,327,327,168,72,72,72,103,72,72,103,1280","11,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,2,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1","5.156615734,5.498501778,5.447478771,4.680018902,5.305136681,6.159050465,5.343176365,5.095525742,5.322429657,7.814732552,5.475256443,7.833696365,7.860356808,5.419701099,5.436994553,7.369849682,5.475256443,6.433616161,6.626874924,7.528322220,5.360692024,7.254635811,7.262678146,6.541914940,5.447478771,5.475256443,5.447478771,6.000376225,5.388469696,5.360692024,5.934231758,7.832221508",TLS.Twitter,91.120,1,Fun,SocialNetwork,6,DPI,""
diff --git a/test/results/flow-analyse/teams.pcap.out b/test/results/flow-analyse/teams.pcap.out
index 9c918492d..2cfaa518e 100644
--- a/test/results/flow-analyse/teams.pcap.out
+++ b/test/results/flow-analyse/teams.pcap.out
@@ -2,7 +2,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip4,192.168.1.6,52.113.194.132,tcp,60533,443,info,15,17,1587041676435900,1587041676535873,1587041676535853,0,0,258,1452,757,10509,0,2,6449.2,29755,8827.8,77930416.0,3.7,"12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537",40,393.9,1492,548.1,300365.6,3.9,"64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40","10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0","4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174",,,,,,,,""
 1,ip4,192.168.1.6,52.114.77.33,tcp,60532,443,info,23,9,1587041676362386,1587041676859269,1587041676859222,0,0,1428,1440,23115,4254,0,1,32055.5,221245,54144.2,2931591680.0,3.4,"43237,43341,94039,139750,215,45878,125,102,1406,46781,45438,177198,6,1,221245,44042,6,2,2,21255,21237,4,23005,23005,5,2,3,1223,1159,4,3",52,907.9,1492,687.5,472618.5,4.4,"64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480","5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0","5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0","4.428027153,5.210652828,4.884933472,5.556665897,7.283374786,7.268235207,4.923395157,7.674625397,4.884933472,5.901349068,5.537203789,4.923394680,7.865010738,7.865353107,7.863998413,5.116508007,7.872262955,7.872727394,7.850155830,7.872891426,5.101991177,7.883207798,7.861774921,5.078046322,7.883695126,7.860937595,7.861885548,7.869150639,5.092563629,7.862890244,7.881820202,7.880939960",,,,,,,,""
 1,ip4,192.168.1.6,52.114.77.33,tcp,60535,443,finished,20,12,1587041677042751,1587041677328754,1587041677327352,0,0,1428,1440,15383,4699,0,2,18406.6,49836,21194.3,449200096.0,3.9,"45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321",52,680.6,1492,673.1,453031.8,4.2,"64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83","7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0","7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0","4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15"
-1,ip4,192.168.1.6,52.113.194.132,tcp,60536,443,info,15,17,1587041677243705,1587041677297348,1587041677349666,0,0,1440,1452,3034,8925,0,3,5148.5,50397,9740.5,94877928.0,3.3,"11421,11522,225,11256,2751,92,13830,124,124,124,3,141,4803,15532,11803,1342,15,233,10,306,235,4,56,10886,31,10351,1699,244,14,50397,30",40,416.0,1492,569.7,324516.5,3.8,"64,52,40,254,46,1492,1492,40,1492,40,1492,257,40,198,46,133,366,109,40,40,78,1480,1047,124,46,78,40,46,46,46,1492,1055","8,1,2,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","7,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,0,0,0,0,1,1,0,1,1,1,1,1","4.396777153,4.893245220,4.571928501,5.470339298,4.549461365,7.348021507,7.445699215,4.680641174,7.531925678,4.571928501,7.607865810,7.056878567,4.680641174,6.474961758,4.505983353,6.083388805,7.209881783,5.879484177,4.680641174,4.630641460,5.102818012,7.881052494,7.824805737,6.119441986,4.457919598,5.412868977,4.630641460,4.565872192,4.565871716,4.522393703,7.843515396,7.832207680",,,,,,,,""
 1,ip4,192.168.1.6,52.114.77.33,tcp,60543,443,info,21,11,1587041682369801,1587041682803345,1587041682803309,0,0,1428,1440,20291,4254,0,2,27969.4,152917,40324.3,1626047232.0,3.6,"50532,50647,291,64604,72036,210,136507,124,96,1421,68048,86231,152917,2268,6,3,46387,44112,4,2,3,23630,23615,4,20861,20866,7,7,3,845,765",52,819.7,1492,699.2,488828.9,4.3,"64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480","5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0","7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0","4.384982109,5.323234558,4.961856842,5.939832211,5.116507530,7.288343430,7.267649651,5.000318527,7.662917614,4.961856842,5.882802486,5.193430901,5.624773026,4.961856842,7.851280689,7.841383457,7.873037815,5.154969692,7.851320267,7.856824398,7.856104374,7.863511562,5.154969215,7.862011433,7.862949848,5.154969215,7.888728619,7.861488342,7.847744942,7.865393639,5.193430901,7.879679203",,,,,,,,""
 1,ip4,192.168.1.6,52.114.77.58,tcp,60545,443,finished,19,13,1587041682698689,1587041683063920,1587041683109441,0,0,1440,1452,2687,6860,0,7,25031.7,201410,47065.5,2215158784.0,3.2,"45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222",40,340.2,1492,510.3,260451.7,3.8,"64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82","11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1","4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,""
 1,ip4,192.168.1.6,52.114.88.59,tcp,60547,443,finished,18,14,1587041683186164,1587041683511604,1587041683511700,0,0,1428,1440,2582,7792,0,2,20999.2,115070,31123.6,968681216.0,3.5,"34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185",52,377.2,1492,521.7,272149.2,3.9,"64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139","11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1","4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,""
diff --git a/test/results/flow-analyse/teamspeak3.pcap.out b/test/results/flow-analyse/teamspeak3.pcap.out
index bab73746f..3736facff 100644
--- a/test/results/flow-analyse/teamspeak3.pcap.out
+++ b/test/results/flow-analyse/teamspeak3.pcap.out
@@ -1 +1,2 @@
 flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
+1,ip4,193.31.25.70,51.68.181.92,udp,2011,2010,finished,16,16,1667856551682719,1667860752082559,1667860752087365,4,0,16,8,160,104,0,4821,132446368.0,600180997,380875840.0,145066403072835584.0,3.8,"4821,5374,5461,599973063,599972971,4971,4991,600080478,600080533,5171,5169,600089707,600089636,5006,5041,599897642,599897696,5229,5139,600180992,600180997,4953,4948,599984779,599984795,5164,5120,600152336,600152365,4975,4963",32,40.0,44,4.7,22.0,5.0,"32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.625000000,4.458523273,4.765583038,4.075578690,4.625000000,4.506142139,4.765583038,4.075578690,4.500000000,4.345311642,4.674674511,4.009986401,4.625000000,4.458523273,4.720128536,4.075578690,4.562500000,4.458523273,4.720128536,3.980340719,4.625000000,4.315666676,4.720128536,3.980340719,4.562500000,4.458523273,4.629220009,4.075578690,4.562500000,4.506142139,4.720128536,4.027959824",TeamSpeak,162,0,Fun,VoIP,6,DPI,""
diff --git a/test/results/flow-analyse/tor.pcap.out b/test/results/flow-analyse/tor.pcap.out
index 662fd47f3..7f15bb9c6 100644
--- a/test/results/flow-analyse/tor.pcap.out
+++ b/test/results/flow-analyse/tor.pcap.out
@@ -3,5 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip4,192.168.1.252,91.143.93.242,tcp,51110,443,finished,14,18,1383821665420161,1383821704889950,1383821704958016,0,0,586,1460,3939,9093,0,120,2548633.8,37995839,9273754.0,86002509021184.0,1.4,"70996,71325,6669,104314,10783,112643,88567,84606,73691,120,73665,754,108431,107711,67797,2260,74630,103567,101811,113368,368689,686539,37720424,37995839,68191,67504,104050,189003,360821,68695,181",40,448.8,1500,476.2,226793.4,4.2,"52,52,46,255,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,626,626,40,626,46,626,40,626,40,626,1500,46,1500,1500","5,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,0,1,0,1,1,1,0,1,1","4.540081501,4.945419312,4.484987259,5.397112370,4.884183884,7.396267891,6.599942207,5.960015774,6.090528011,7.870100975,6.529747963,4.484987259,7.677678108,4.884183884,7.605023384,4.884183884,7.649974346,7.648893833,7.709483624,7.672764301,4.834183693,7.653419495,4.441509247,7.662259102,4.884183884,7.661063194,4.884183884,7.656208992,7.855939388,4.484987259,7.873313904,7.885534286",TLS,91,1,Safe,Web,6,DPI,"7"
 1,ip4,192.168.1.252,46.59.52.31,tcp,51111,443,finished,15,17,1383821666407384,1383821774388112,1383821702813857,0,0,586,1460,3946,5300,0,90,4657651.5,71328355,14789051.0,218716025389056.0,1.8,"73367,74408,357,74070,3203,80209,86098,83238,77261,90,76164,838,117183,116350,75240,23977,101877,114494,465564,429267,3455,80828,117031,388775,507320,75910,393949,666205,34353103,34399015,71328355",40,330.6,1500,347.1,120444.2,4.2,"52,52,46,262,40,789,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,40,626,626,40,626,626,40,626,46,626,46,46","6,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0,0","4.540081024,4.892440796,4.398030758,5.485852242,4.734183788,7.345484734,6.684501171,5.938382626,6.188065529,7.865236759,6.545697212,4.398030758,7.637940407,4.784183979,7.634158611,4.784183979,7.710437775,7.659512520,4.784183979,7.657443523,4.834184170,7.637063503,7.660885811,4.834184170,7.674984455,7.682085514,4.765312195,7.644844532,4.544876099,7.636578560,4.347350597,4.457919598",TLS.Tor,91.163,1,Potentially Dangerous,VPN,6,DPI,"7,16,22"
 1,ip4,192.168.1.252,91.143.93.242,tcp,51175,443,finished,14,18,1383822129897135,1383822132138706,1383822132203451,0,0,586,1460,4523,5299,0,146,146706.0,990883,220400.9,48576569344.0,3.9,"64392,65808,9514,82112,4238,79785,91000,88446,79568,146,78186,925,110026,109380,69120,1548,80197,113582,35660,145791,70785,343658,637547,693937,990883,1625,71983,109022,69049,180072,69902",40,348.2,1500,347.1,120448.8,4.3,"52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40","4,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1","4.477674961,4.945419312,4.398030758,5.406278133,4.834183693,7.371150017,6.711827278,5.947438717,6.057762146,7.837278366,6.586953163,4.398030758,7.662993908,4.834183693,7.681317329,4.734183788,7.663327694,7.608054161,4.734183788,7.639224529,7.648303986,4.734183788,7.669913292,4.441509247,7.652542591,4.834183693,7.641192913,7.661419868,4.784183979,7.663778782,7.666988373,4.734183788",TLS.Tor,91.163,1,Potentially Dangerous,VPN,6,DPI,"7,16,22"
-1,ip4,192.168.1.252,38.229.70.53,tcp,51176,443,finished,14,18,1383822130889737,1383822133768898,1383822133768590,0,0,586,1460,3998,5464,0,215,185742.4,755290,163607.9,26767544320.0,4.5,"143944,144327,714,149478,37247,195972,163599,153986,192261,56166,215,255054,2118,152835,143919,143900,44572,192109,147551,608487,755290,145485,149387,149841,132696,281585,155046,87778,477208,367752,127492",40,337.4,1500,355.4,126324.2,4.2,"52,52,46,250,40,969,238,99,114,40,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,40,626,626,40,626,46,626,52","5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,0","4.593060017,4.815517426,4.414441109,5.291395664,4.834184170,7.550148964,6.920053005,5.919612408,6.132238388,4.884183884,7.868963718,6.428377628,4.330940247,7.664852619,4.730641365,7.653878212,4.780641079,7.642474174,7.667881489,4.784183979,7.644913673,7.622496128,4.884183884,7.554065228,4.784183979,7.660291672,7.637899399,4.884183884,7.647337437,4.544876099,7.647919655,4.743239880",TLS,91,1,Safe,Web,6,DPI,"7"
 1,ip4,192.168.1.252,212.83.155.250,tcp,51174,443,finished,16,16,1383822129889928,1383822265160118,1383822265159585,0,0,586,1460,2761,5864,0,319,8727092.0,72890007,22568808.0,509351076823040.0,2.1,"59390,61607,13819,72120,2062,62909,63545,60042,79423,319,78805,1749,98338,96626,56518,4501,61844,64873,64036,73717,275721,252847,50798,9733,261423,61538274,61491411,72591366,72890007,3990,98034",40,312.0,1500,345.9,119666.8,4.2,"52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46","9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0","4.501619816,4.930902481,4.441508770,5.332808495,4.834183693,7.397306919,6.658778667,6.048449516,6.157279968,7.876633167,6.546604156,4.441508770,7.673907757,4.834183693,7.638509750,4.884183884,7.663495541,7.670399189,7.645442486,7.664111614,7.640780926,4.484987259,7.650365353,4.880648136,7.645416737,4.544876099,7.673004150,4.457919598,4.457919598,4.734183788,4.734183788,4.501397610",TLS,91,1,Safe,Web,6,DPI,"7"
diff --git a/test/results/flow-analyse/tplink_shp.pcap.out b/test/results/flow-analyse/tplink_shp.pcap.out
new file mode 100644
index 000000000..c47162d78
--- /dev/null
+++ b/test/results/flow-analyse/tplink_shp.pcap.out
@@ -0,0 +1,4 @@
+flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
+1,ip4,192.168.242.41,255.255.255.255,udp,9999,9999,finished,32,0,1671480246580620,1671482107022461,1671480246580620,29,0,29,0,928,0,0,59941020,60014252.0,60058740,28832.0,831283968.0,5.0,"59981502,60026902,60033545,60025983,60019439,60029060,60007918,59960596,60018542,60041575,60007787,60058740,60009897,59988150,60032816,60027954,59999029,60019785,59971862,60037098,60038357,59969686,60047493,60049617,59970507,60028097,60020936,60058290,59941020,60019156,60000502",57,57.0,57,0.0,0.0,5.0,"57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57","32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971",TPLINK_SHP,332,0,Acceptable,IoT-Scada,6,DPI,""
+1,ip4,192.168.242.40,255.255.255.255,udp,9999,9999,finished,32,0,1671480252766159,1671482113211224,1671480252766159,29,0,29,0,928,0,0,58157868,60014356.0,62682126,761550.5,579959128064.0,5.0,"60006889,59992234,59988113,60055878,62042393,58480216,59528957,59979179,60022444,59995841,60040145,60020835,60008844,60011011,60032284,59945925,60060707,59962350,60043922,60010468,60018299,62682126,59182323,58157868,60047220,60012353,60002512,60045750,59979486,60038815,60049678",57,57.0,57,0.0,0.0,5.0,"57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57","32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556",TPLINK_SHP,332,0,Acceptable,IoT-Scada,6,DPI,""
+1,ip4,192.168.242.99,255.255.255.255,udp,9999,9999,finished,32,0,1671480255663786,1671482115665844,1671480255663786,29,0,29,0,928,0,0,59882007,60000068.0,60106251,33292.3,1108378624.0,5.0,"59993154,60020440,59990979,59994518,60003706,60005058,59991379,60018870,59983291,60003671,59994527,59997085,60003675,59991507,60013334,59999380,60003136,59995803,59988169,60000198,60004205,60003135,60004033,59996922,60008027,60106251,59882007,60006816,59993721,60005230,59999831",57,57.0,57,0.0,0.0,5.0,"57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57","32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.159829617,5.194917202,5.194917202,5.194917679,5.159829617,5.194917679,5.194917679,5.194917679,5.194917679,5.091405869,5.159829140,5.159829140,5.194917202,5.194917679,5.194917679,5.194917679,5.146585464,5.124742031,5.159829140,5.159829617,5.159829617,5.146585464,5.194917679,5.194917202,5.194917679,5.159829617,5.194917202,5.194917202,5.124741554,5.159829617,5.194917679,5.194917202",TPLINK_SHP,332,0,Acceptable,IoT-Scada,6,DPI,""
diff --git a/test/results/flow-analyse/tumblr.pcap.out b/test/results/flow-analyse/tumblr.pcap.out
index 13e284786..f0f60fc9d 100644
--- a/test/results/flow-analyse/tumblr.pcap.out
+++ b/test/results/flow-analyse/tumblr.pcap.out
@@ -4,7 +4,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::c000:4d28,tcp,43434,443,info,16,16,1605292105171046,1605292105231565,1605292105231522,0,0,112,1400,362,16800,1,1,3903.1,45055,9416.3,88667112.0,2.8,"365,4822,355,27249,2992,337,2701,17288,45055,519,518,603,1,579,9,7282,1,7292,34,289,2,248,25,174,1,157,27,1036,1,1005,28",72,608.3,1472,669.7,448506.0,4.1,"184,111,183,172,72,72,72,72,1472,72,1472,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72","12,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0","0,0,0,0,1,1,1,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0","6.587406158,5.914531231,6.603403568,6.519369125,4.980900764,4.980900764,4.894209862,4.980900764,7.851428509,5.118321419,7.864492416,5.118321419,7.853987694,7.848294735,5.062766075,5.080059052,7.860019684,7.828007221,5.118321419,5.118321419,7.856985092,7.866126060,5.118321419,5.080059052,7.856244087,7.840456009,5.146099091,5.080059052,7.871989727,7.857123375,5.118321419,5.118321419",,,,,,,,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2606:2800:135:155a:23ba:b2a:25ff:122d,tcp,58380,443,finished,16,16,1605292105197307,1605292105347875,1605292105347850,0,0,523,1208,1519,5784,0,0,9713.3,47694,16101.6,259260704.0,3.2,"33179,33247,488,47694,0,47160,1225,37725,2106,0,0,38598,23,3,754,718,796,796,2589,248,171,60,26260,592,1,74,1362,0,0,25234,8",72,300.7,1280,381.9,145812.8,4.1,"80,80,72,589,72,171,72,595,72,1280,1280,1280,72,72,72,544,72,1055,72,146,164,329,128,72,72,72,72,327,327,168,72,72","10,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,2,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0","5.295193195,5.637294769,5.563652992,4.598795891,5.459350586,6.223492146,5.497612953,5.044443607,5.487128258,7.814322472,7.863967419,7.842244625,5.591430664,5.503256798,5.563652992,7.612953186,5.591430664,7.763548851,5.563652992,6.558448792,6.685117722,7.291459560,6.278277397,5.487128258,5.487128258,5.431572914,5.487128258,7.317289352,7.268368721,6.510692596,5.591430664,5.563652992",TLS,91,1,Safe,Web,6,DPI,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::c000:4d03,tcp,56794,443,info,14,18,1605292105669051,1605292105720296,1605292105720289,0,0,130,1400,525,11113,1,0,3305.9,36646,8575.8,73544632.0,2.4,"375,92,385,236,26419,36646,2159,0,376,0,10012,21697,203,197,169,221,0,406,8,175,469,1,0,620,51,101,150,197,535,21,562",72,435.7,1472,586.0,343353.7,3.9,"192,111,201,202,143,108,72,72,72,72,72,1472,72,1472,72,1460,84,1472,72,72,1460,84,1327,103,72,72,111,1460,72,84,1460,72","8,2,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,0,0,0,0","0,0,0,0,0,0,1,1,1,1,1,1,0,1,0,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0","6.771437645,5.700867176,6.623061657,6.706957817,6.270517826,5.792555332,5.008678436,5.036456108,5.008678436,5.036456108,5.008678436,7.827867985,5.069574833,7.856517315,5.080059528,7.842531681,5.292736530,7.873940468,5.069574833,5.034988403,7.877679825,5.307831764,7.852031708,5.639400959,5.146099567,5.090544224,5.719091892,7.856316566,5.118321896,5.301723003,7.853841305,5.090544224",,,,,,,,""
-1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::c000:4d03,tcp,56842,443,finished,16,16,1605292108895208,1605292109072597,1605292109072571,0,0,517,1400,1335,7988,0,0,11443.6,70171,19863.6,394563968.0,3.1,"22637,22712,440,30662,24781,0,1,1,54941,10,7,4,36,7,1509,240,132,59732,70171,1,0,28567,37136,504,0,1,0,1,500,15,4",72,363.8,1472,486.5,236637.8,4.0,"80,80,72,589,72,1472,1472,1368,1472,72,72,72,72,193,72,136,164,403,403,72,72,72,343,72,343,134,103,1472,408,72,72,72","11,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,1,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,4,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,1,0,1,1,1,1,1,0,0,0","4.750073910,5.171930313,5.147485733,4.504647255,5.036456108,7.837605953,7.857367039,7.841114044,7.873028755,5.147486210,5.119708538,5.175263882,5.147486210,6.592915535,5.147486210,5.952137947,6.489402294,7.443186283,7.431387901,5.036456108,4.980900764,5.008678436,7.119190693,5.175263882,7.234163284,6.096735001,5.624744892,7.869890213,7.348752975,5.175263882,5.175263882,5.175263882",TLS.Tumblr,91.90,1,Fun,SocialNetwork,6,DPI,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::4a72:9a16,tcp,43328,443,info,16,16,1605292121486006,1605292121915646,1605292121915718,0,0,517,1400,1174,11033,0,0,27721.0,189403,49540.4,2454247936.0,3.2,"21421,21468,523,29545,160398,189403,235,0,213,14,842,826,3808,144,202,28681,1,1011,77988,2,103570,74,656,29813,79144,108203,110,95,435,441,86",72,454.0,1472,568.3,322990.4,4.0,"80,80,72,589,72,1472,72,1472,1368,72,72,1073,72,157,163,523,72,72,72,338,142,72,72,102,72,1472,72,1472,72,1472,72,1472","12,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,6,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1","4.847575665,5.264388561,5.273682594,4.570615292,5.139187336,7.183391094,5.218127251,7.306411743,7.637944698,5.179864883,5.245904922,7.569734573,5.218127251,6.162980080,6.493566990,7.590200424,5.139187336,5.139187336,5.083631992,7.038479328,6.319642544,5.162571907,5.162571907,5.715408325,5.083631992,7.863587856,5.218127251,7.862967491,5.245904922,7.863145828,5.190349579,7.850796700",,,,,,,,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:789d,tcp,48240,443,info,15,17,1605292102602965,1605292122118409,1605292122118430,0,0,86,1048,132,16768,1,0,1259061.5,19513573,4788586.0,22930555666432.0,1.0,"19473275,346,19513573,0,40000,58,0,14,3,47,46,590,601,1080,1,1,0,1,0,0,1081,15,50,4,2,3,4,112,1,0,1",72,600.1,1120,520.1,270533.2,4.4,"72,158,118,72,1120,72,1120,1120,72,72,1120,72,1120,72,1120,1120,1120,1120,1120,1120,1120,72,72,72,72,72,72,72,1120,1120,1120,1120","13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1","5.300073624,6.172540188,5.808043480,5.111409664,7.793330193,5.244518280,7.816789150,7.806469440,5.188962936,5.244518280,7.817547321,5.216740131,7.782293320,5.272295952,7.814203739,7.825418949,7.833592415,7.796096325,7.794456482,7.800365925,7.831590176,5.300073624,5.244518280,5.272295952,5.300073624,5.216740608,5.244518280,5.272295475,7.782464504,7.824431896,7.817936897,7.808838844",,,,,,,,""
 1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80b::200a,tcp,38608,443,finished,17,15,1605292122095843,1605292122274057,1605292122274042,0,0,517,1208,982,8808,0,0,11497.2,67472,19899.9,396007328.0,3.2,"67445,67472,269,44078,5271,1,49097,3,94,53,18571,10150,718,42370,0,12940,229,14297,2020,1,16083,2556,1,2570,25,64,1,0,22,4,8",72,378.4,1280,464.3,215557.6,4.1,"80,80,72,589,72,1280,1280,72,72,572,72,136,164,350,72,652,72,103,72,103,72,72,521,1280,72,72,1280,1280,1280,72,72,72","13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,0","4.880388737,5.286173344,5.204868793,4.536604404,5.107836723,7.787920475,7.830109596,5.260424137,5.232646465,7.542898178,5.232646465,6.192057133,6.535644054,7.298229218,5.014019012,7.680838585,5.232646465,5.914041996,5.041796684,5.815946102,5.052281380,5.166606426,7.546278477,7.846930027,5.117859364,5.138828754,7.830280781,7.832926273,7.840851784,5.194384098,5.099461079,5.156121731",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,""
diff --git a/test/results/flow-analyse/tuya_lp.pcap.out b/test/results/flow-analyse/tuya_lp.pcap.out
new file mode 100644
index 000000000..bab73746f
--- /dev/null
+++ b/test/results/flow-analyse/tuya_lp.pcap.out
@@ -0,0 +1 @@
+flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
diff --git a/test/results/flow-analyse/zoom2.pcap.out b/test/results/flow-analyse/zoom2.pcap.out
index 8884144f8..4b1fb533d 100644
--- a/test/results/flow-analyse/zoom2.pcap.out
+++ b/test/results/flow-analyse/zoom2.pcap.out
@@ -1,5 +1,5 @@
 flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
 1,ip4,192.168.1.178,144.195.73.154,tcp,50076,443,finished,17,15,1642965458402978,1642965459315313,1642965459315763,0,0,1440,1440,3004,9722,0,1,58874.8,198571,83051.8,6897604608.0,3.4,"174660,174776,564,174002,1305,35,10,9,175382,5,1,23625,1263,198571,173076,348,174461,174128,5783,7,187559,672,15,182407,110,83,84,878,803,496,2",52,450.3,1492,547.4,299645.5,4.0,"64,60,52,569,52,1492,1492,1268,814,52,52,52,52,178,103,52,208,127,52,1492,767,52,1492,442,52,200,52,102,1330,52,1330,256","11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","3,1,1,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,1,0,1,0,0,1,0,1,1","4.254878044,5.233453751,5.053297043,4.421474934,5.063529015,7.154266357,7.350361347,7.483180046,7.590131760,5.022342205,4.983880997,5.022342205,4.983880520,6.548796177,5.785968304,4.855899334,6.773957253,6.347529888,5.014834881,7.875683308,7.723464012,5.132945061,7.879707336,7.463565826,4.976374149,6.741343498,5.014835358,5.970962524,7.852532387,5.014835358,7.852782249,6.910366535",TLS.Zoom,91.189,1,Acceptable,Video,6,DPI,"15"
-1,ip4,192.168.1.178,144.195.73.154,udp,60653,8801,info,5,27,1642965459595620,1642965459884168,1642965460094905,123,0,128,1036,630,21016,0,21,25414.0,166585,40490.2,1639456256.0,3.6,"101379,166585,27,72990,12330,100439,29,101849,72959,11921,4860,10860,10480,10129,246,9160,10351,10320,11352,21,292,9440,8565,5418,4862,82,10799,10006,10476,9401,205",46,704.7,1064,464.6,215864.3,4.6,"151,151,72,46,156,156,72,46,156,88,88,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,88,1064,1064,1064,1064,1064,1064,1064","0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.840515137,5.848702431,4.861306667,4.234366894,5.447824001,5.554306984,4.833528996,4.321323395,5.629264832,4.681292534,4.672410965,0.559972763,0.556576610,0.564253807,0.560080409,0.590531707,0.561960101,0.563839793,0.561959982,0.563839793,0.597341061,0.588497758,0.561959982,0.561959982,4.750781059,0.551231861,0.590992451,0.553111553,0.553111553,0.561959982,0.561959982,0.599220753",,,,,,,,""
-1,ip4,192.168.1.178,144.195.73.154,udp,58117,8801,info,12,20,1642965460219455,1642965460877104,1642965460887928,88,0,161,136,1490,1734,0,12,42778.1,176446,48878.6,2389121792.0,4.1,"98469,176446,124,85491,9538,94754,12,99878,94166,12337,1946,12440,20627,16992,20131,168367,18000,3631,10879,10252,19350,32137,20903,115345,15,17844,18745,20098,20216,21487,85502",46,129.0,189,35.8,1279.8,4.9,"151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116","0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1","5.774950981,5.795780182,4.871791363,4.390829086,5.589504242,5.647461891,4.816236019,4.390829086,5.513776779,4.672714233,4.717865467,5.984676361,5.988471985,5.890224934,5.750802994,5.721282959,5.103803158,4.742203236,5.809841633,4.711098671,5.716365814,5.704583168,5.625706196,5.615069389,6.022024632,6.167570114,5.279437542,5.717482567,5.684329510,5.700431347,5.688298225,5.216770172",,,,,,,,""
-1,ip4,192.168.1.178,144.195.73.154,udp,57953,8801,info,15,17,1642965460359314,1642965461085374,1642965461081424,27,0,143,75,1257,755,0,8,46715.2,187597,42950.9,1844783744.0,4.3,"102087,187597,15,105625,59,93505,28,87640,70667,56,105994,30,21517,32815,58979,18,48377,5541,49496,50209,26,8,55223,45719,56325,52361,22,59786,52118,47745,58582",46,91.1,171,44.6,1993.4,4.8,"153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55","7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0","5.810314178,5.912507057,4.833528996,4.303872585,5.517835140,5.506913185,4.805751324,4.390829086,5.576398373,5.539088726,5.561493397,4.442456245,4.487634182,3.597789288,3.852133274,5.482311726,3.597789288,3.888496876,4.520360470,3.744285822,4.494622231,4.547106743,3.853325367,3.707922220,3.961224079,3.671558619,4.547106743,3.924860477,3.671558380,3.888496876,3.924860477,3.707922220",,,,,,,,""
+1,ip4,192.168.1.178,144.195.73.154,udp,60653,8801,finished,5,27,1642965459595620,1642965459884168,1642965460094905,123,0,128,1036,630,21016,0,21,25414.0,166585,40490.2,1639456256.0,3.6,"101379,166585,27,72990,12330,100439,29,101849,72959,11921,4860,10860,10480,10129,246,9160,10351,10320,11352,21,292,9440,8565,5418,4862,82,10799,10006,10476,9401,205",46,704.7,1064,464.6,215864.3,4.6,"151,151,72,46,156,156,72,46,156,88,88,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,88,1064,1064,1064,1064,1064,1064,1064","0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.840515137,5.848702431,4.861306667,4.234366894,5.447824001,5.554306984,4.833528996,4.321323395,5.629264832,4.681292534,4.672410965,0.559972763,0.556576610,0.564253807,0.560080409,0.590531707,0.561960101,0.563839793,0.561959982,0.563839793,0.597341061,0.588497758,0.561959982,0.561959982,4.750781059,0.551231861,0.590992451,0.553111553,0.553111553,0.561959982,0.561959982,0.599220753",RTP.Zoom,87.189,0,Acceptable,Video,6,DPI,""
+1,ip4,192.168.1.178,144.195.73.154,udp,58117,8801,finished,12,20,1642965460219455,1642965460877104,1642965460887928,88,0,161,136,1490,1734,0,12,42778.1,176446,48878.6,2389121792.0,4.1,"98469,176446,124,85491,9538,94754,12,99878,94166,12337,1946,12440,20627,16992,20131,168367,18000,3631,10879,10252,19350,32137,20903,115345,15,17844,18745,20098,20216,21487,85502",46,129.0,189,35.8,1279.8,4.9,"151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116","0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1","5.774950981,5.795780182,4.871791363,4.390829086,5.589504242,5.647461891,4.816236019,4.390829086,5.513776779,4.672714233,4.717865467,5.984676361,5.988471985,5.890224934,5.750802994,5.721282959,5.103803158,4.742203236,5.809841633,4.711098671,5.716365814,5.704583168,5.625706196,5.615069389,6.022024632,6.167570114,5.279437542,5.717482567,5.684329510,5.700431347,5.688298225,5.216770172",RTP.Zoom,87.189,0,Acceptable,Video,6,DPI,""
+1,ip4,192.168.1.178,144.195.73.154,udp,57953,8801,finished,15,17,1642965460359314,1642965461085374,1642965461081424,27,0,143,75,1257,755,0,8,46715.2,187597,42950.9,1844783744.0,4.3,"102087,187597,15,105625,59,93505,28,87640,70667,56,105994,30,21517,32815,58979,18,48377,5541,49496,50209,26,8,55223,45719,56325,52361,22,59786,52118,47745,58582",46,91.1,171,44.6,1993.4,4.8,"153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55","7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0","5.810314178,5.912507057,4.833528996,4.303872585,5.517835140,5.506913185,4.805751324,4.390829086,5.576398373,5.539088726,5.561493397,4.442456245,4.487634182,3.597789288,3.852133274,5.482311726,3.597789288,3.888496876,4.520360470,3.744285822,4.494622231,4.547106743,3.853325367,3.707922220,3.961224079,3.671558619,4.547106743,3.924860477,3.671558380,3.888496876,3.924860477,3.707922220",RTP.Zoom,87.189,0,Acceptable,Video,6,DPI,""
diff --git a/test/results/flow-analyse/zoom_p2p.pcapng.out b/test/results/flow-analyse/zoom_p2p.pcapng.out
new file mode 100644
index 000000000..ca3ebdf5e
--- /dev/null
+++ b/test/results/flow-analyse/zoom_p2p.pcapng.out
@@ -0,0 +1,5 @@
+flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
+1,ip4,192.168.12.156,192.168.1.226,udp,39065,46757,info,16,16,1666892675237560,1666892675646012,1666892675643750,85,0,1028,1249,10188,10473,0,50,26278.8,88605,20740.6,430173408.0,4.5,"8394,10159,12038,53,14255,4983,17542,37266,28360,52475,28978,88605,223,71337,10758,22416,50,28514,48671,32496,39006,13417,192,30154,24517,22794,31770,53366,31819,40077,9957",113,673.7,1277,485.6,235788.4,4.5,"113,113,113,113,113,113,113,113,113,113,113,1246,1056,1056,1246,800,1245,119,1245,800,800,1245,800,799,118,831,1245,1277,1043,1043,1257,1043","0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,1,0,0,0,0,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,1,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0","4.879871845,4.806567192,4.780356884,4.859664917,4.859664917,4.837792873,4.824266434,4.879871845,4.824266434,4.806567192,4.815755367,7.809407711,0.496801347,0.516033888,7.832608223,7.657176495,7.832114697,5.751297951,7.815535069,7.718434811,7.700232506,7.835743904,7.666582108,7.693008900,5.751585960,7.688401699,7.843828678,7.832822323,7.774564743,7.788288593,7.829477787,7.789775848",,,,,,,,""
+1,ip4,206.247.10.253,192.168.12.156,icmp,,,finished,32,0,1666892883560468,1666892913745701,1666892883560468,80,0,80,0,2560,0,0,12,973717.2,2030871,1005257.0,1010541658112.0,3.9,"41,2023261,44,2021544,37,2008437,21,2013453,36,1994813,23,2022454,40,1990669,67,2022201,30,2021984,58,1995365,12,2020200,29,2002242,3110,1996909,3099,2014147,17,2030871,19",100,100.0,100,0.0,0.0,5.0,"100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100","0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.350244999,5.278791904,5.243694782,5.287598610,5.377793789,5.326340675,5.377793789,5.318793297,5.397793770,5.262695789,5.298792839,5.370244980,5.291243553,5.322695732,5.318792820,5.350244999,5.318792820,5.377793789,5.278791904,5.330244541,5.317793369,5.286341190,5.271244049,5.322696686,5.377794266,5.326341152,5.318791866,5.357794285,5.377793789,5.326341152,5.397794247,5.346340656",ICMP,81,0,Acceptable,Network,6,DPI,""
+1,ip4,192.168.12.156,10.78.14.178,udp,42208,47312,info,32,0,1666892923321165,1666892923731059,1666892923321165,84,0,84,0,2688,0,0,149,13222.4,52278,15933.9,253890336.0,4.0,"206,27265,11246,7707,6831,1534,149,13289,6864,1707,40450,203,15506,643,33328,247,50821,420,5857,5665,52278,379,7223,2326,22718,234,30994,178,40889,183,22554",112,112.0,112,0.0,0.0,5.0,"112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112","0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.994051456,4.951597214,4.994051933,4.994051456,4.976194382,4.976194382,4.994051456,4.958336830,4.976194382,4.994051456,4.958336830,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.951597214,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456",,,,,,,,""
+1,ip4,192.168.12.156,10.78.14.178,udp,49579,49586,info,32,0,1666892923611662,1666892924448503,1666892923611662,84,0,84,0,2688,0,0,338,26994.9,54779,14468.3,209331424.0,4.7,"23783,338,29801,1565,40495,506,22699,46435,8735,38102,43592,20546,19277,34040,24361,41537,21146,25008,31087,47211,23803,22874,54779,5988,45050,14923,26821,31551,48347,23766,18675",112,112.0,112,0.0,0.0,5.0,"112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112","0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.927000046,4.944857121,4.909142494,4.902402878,4.927000046,4.912628174,4.927000046,4.927000046,4.909142494,4.927000046,4.909142494,4.927000046,4.927000046,4.927000046,4.927000046,4.898025990,4.927000046,4.927000046,4.927000046,4.927000046,4.927000046,4.902402401,4.909142494,4.927000046,4.927000046,4.909142494,4.927000046,4.894771099,4.902402401,4.927000046,4.909142494,4.909142494",,,,,,,,""
diff --git a/test/results/flow-info/1kxun.pcap.out b/test/results/flow-info/1kxun.pcap.out
index c3fdbe611..7ca84c256 100644
--- a/test/results/flow-info/1kxun.pcap.out
+++ b/test/results/flow-info/1kxun.pcap.out
@@ -126,6 +126,10 @@
               new: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] 
          detected: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi]
          detected: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi]
+ detection-update: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi]
+                   RISK: HTTP Suspicious User-Agent
+ detection-update: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi]
+                   RISK: HTTP Suspicious User-Agent
           analyse: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
                                         min|      max|      avg|   stddev|       variance| entropy
                    [IAT.........:     0.000|    0.147|    0.015|    0.033|       1100.854|   2.600]
@@ -164,6 +168,8 @@
          detected: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
          detected: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.145]
                    RISK: HTTP Numeric IP Address
+ detection-update: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.145]
+                   RISK: HTTP Suspicious User-Agent, HTTP Numeric IP Address
               new: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] 
           analyse: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Unknown][Web][Acceptable]
                                         min|      max|      avg|   stddev|       variance| entropy
@@ -178,7 +184,7 @@
          detected: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.144]
                    RISK: HTTP Numeric IP Address
  detection-update: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Unknown][Media][Acceptable][183.131.48.144]
-                   RISK: HTTP Numeric IP Address
+                   RISK: HTTP Suspicious User-Agent, HTTP Numeric IP Address
               new: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] 
          detected: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
               new: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] 
@@ -395,7 +401,7 @@
            update: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
            update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
      DAEMON-EVENT: [Processed: 1439 pkts][ZLib][compressions: 0|diff: 0 / 0]
-     DAEMON-EVENT: [Flows][active: 129 / 129|skipped: 0|!detected: 0|guessed: 0|detection-updates: 11|updates: 38]
+     DAEMON-EVENT: [Flows][active: 129 / 129|skipped: 0|!detected: 0|guessed: 0|detection-updates: 14|updates: 38]
               new: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [MIDSTREAM] 
          detected: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi]
                    RISK: Known Proto on Non Std Port
@@ -498,7 +504,9 @@
              idle: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
              idle: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
              idle: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+                   RISK: HTTP Suspicious User-Agent
              idle: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+                   RISK: HTTP Suspicious User-Agent
              idle: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
           guessed: [....17] [ip4][..tcp] [...192.168.5.16][53622] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe]
               end: [....17] [ip4][..tcp] [...192.168.5.16][53622] -> [.192.168.115.75][..443] 
@@ -545,9 +553,9 @@
           guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe]
              idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] 
               end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable]
-                   RISK: HTTP Numeric IP Address
+                   RISK: HTTP Suspicious User-Agent, HTTP Numeric IP Address
              idle: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Unknown][Media][Acceptable]
-                   RISK: HTTP Numeric IP Address
+                   RISK: HTTP Suspicious User-Agent, HTTP Numeric IP Address
              idle: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun]
      not-detected: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Unknown][Unknown][Unrated]
              idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] 
diff --git a/test/results/flow-info/aimini-http.pcap.out b/test/results/flow-info/aimini-http.pcap.out
deleted file mode 100644
index 4be46dcb1..000000000
--- a/test/results/flow-info/aimini-http.pcap.out
+++ /dev/null
@@ -1,26 +0,0 @@
-     DAEMON-EVENT: init
-     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
-     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
-              new: [.....1] [ip4][..tcp] [.....10.101.0.2][28501] -> [.....10.102.0.2][...80] 
-         detected: [.....1] [ip4][..tcp] [.....10.101.0.2][28501] -> [.....10.102.0.2][...80] [HTTP.Aimini][Unknown][Download][Fun][www.aimini.net]
-              new: [.....2] [ip4][..tcp] [.....10.101.0.2][28502] -> [.....10.102.0.2][...80] 
-         detected: [.....2] [ip4][..tcp] [.....10.101.0.2][28502] -> [.....10.102.0.2][...80] [HTTP.Aimini][Unknown][Download][Fun][www.aimini.com]
-          analyse: [.....1] [ip4][..tcp] [.....10.101.0.2][28501] -> [.....10.102.0.2][...80] [HTTP.Aimini][Unknown][Download][Fun]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.001|    0.000|    0.000|          0.129|   3.400]
-                   [PKTLEN......:    46.000| 1500.000|  824.400|  690.000|     476082.300|   4.400]
-                   [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
-                   [BINS(s->c)..: 2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
-                   [DIRECTIONS..: 0,0,1,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1,1,0,1,1,0,0,0,0,0]
-                   [IATS(ms)....: 0.5,1.1,0.4,1.0,0.0,0.7,0.1,0.9,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.2,0.0,0.3,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.1,0.2,0.0,0.1,1.1,0.0]
-                   [PKTLENS.....: 48,48,48,48,46,635,46,635,1500,1500,1500,1500,1500,1500,1500,276,1500,1500,46,1500,1500,46,1500,1500,46,1500,276,46,46,46,1500,1500]
-                   [ENTROPIES...: 3.9,4.1,4.3,4.5,3.8,6.0,4.0,6.0,7.7,7.9,7.7,7.9,7.8,7.8,7.9,7.0,7.7,7.9,3.8,7.7,7.9,3.8,7.8,7.8,3.8,7.9,7.0,4.0,4.0,4.0,5.8,4.5]
-              new: [.....3] [ip4][..tcp] [.....10.101.0.2][28503] -> [.....10.102.0.2][...80] 
-         detected: [.....3] [ip4][..tcp] [.....10.101.0.2][28503] -> [.....10.102.0.2][...80] [HTTP.Aimini][Unknown][Download][Fun][www.aimini.net]
-              new: [.....4] [ip4][..tcp] [.....10.101.0.2][28504] -> [.....10.102.0.2][...80] 
-         detected: [.....4] [ip4][..tcp] [.....10.101.0.2][28504] -> [.....10.102.0.2][...80] [HTTP.Aimini][Unknown][Download][Fun][www.aimini.com]
-              end: [.....1] [ip4][..tcp] [.....10.101.0.2][28501] -> [.....10.102.0.2][...80] [HTTP.Aimini][Unknown][Download][Fun]
-              end: [.....2] [ip4][..tcp] [.....10.101.0.2][28502] -> [.....10.102.0.2][...80] [HTTP.Aimini][Unknown][Download][Fun]
-              end: [.....3] [ip4][..tcp] [.....10.101.0.2][28503] -> [.....10.102.0.2][...80] [HTTP.Aimini][Unknown][Download][Fun]
-              end: [.....4] [ip4][..tcp] [.....10.101.0.2][28504] -> [.....10.102.0.2][...80] [HTTP.Aimini][Unknown][Download][Fun]
-     DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/alexa-app.pcapng.out b/test/results/flow-info/alexa-app.pcapng.out
index c466f9313..753decbd9 100644
--- a/test/results/flow-info/alexa-app.pcapng.out
+++ b/test/results/flow-info/alexa-app.pcapng.out
@@ -872,17 +872,6 @@
                    RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
  detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][]
                    RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
-          analyse: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] 
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.262|    0.033|    0.059|       3460.134|   3.500]
-                   [PKTLEN......:    52.000| 1500.000|  617.000|  624.900|     390532.600|   4.200]
-                   [BINS(c->s)..: 10,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0]
-                   [BINS(s->c)..: 2,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,0,0,0,0,1,1,0,0,1,0,1,1]
-                   [IATS(ms)....: 16.7,17.9,1.6,27.3,5.3,0.5,0.5,0.3,32.5,0.3,12.9,0.3,0.1,39.0,52.8,61.9,0.5,0.3,0.1,35.1,0.7,5.1,216.8,261.8,0.2,39.4,7.5,74.2,66.6,42.1,0.4]
-                   [PKTLENS.....: 60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1329,1500,1500,756,86,52,52,1294,1294,848,86,52,1305,86,64,1500,1500]
-                   [ENTROPIES...: 4.7,5.2,5.0,5.7,5.0,7.1,7.3,7.5,7.6,5.1,5.1,5.1,5.0,6.3,7.2,7.8,7.9,7.9,7.7,5.8,4.9,4.9,7.8,7.8,7.7,5.8,4.9,7.8,5.8,4.9,7.9,7.9]
- detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com]
           analyse: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
                                         min|      max|      avg|   stddev|       variance| entropy
                    [IAT.........:     0.000|    0.241|    0.031|    0.057|       3274.655|   3.400]
@@ -978,7 +967,7 @@
              idle: [.....4] [ip4][..udp] [....172.16.42.1][...67] -> [..172.16.42.216][...68] [DHCP][Unknown][Network][Acceptable]
              idle: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable]
              idle: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] 
-             idle: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
+             idle: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] 
              idle: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
              idle: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable]
              idle: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable]
diff --git a/test/results/flow-info/anydesk.pcapng.out b/test/results/flow-info/anydesk.pcapng.out
index 078a6d93f..f50c23da8 100644
--- a/test/results/flow-info/anydesk.pcapng.out
+++ b/test/results/flow-info/anydesk.pcapng.out
@@ -23,7 +23,7 @@
                    [ENTROPIES...: 4.8,4.9,4.8,5.4,4.4,7.5,4.8,7.8,4.8,4.6,4.7,7.6,4.4,5.8,4.8,5.8,4.8,6.7,4.4,6.8,4.8,6.3,4.4,6.4,7.9,7.9,7.8,4.4,4.4,4.4,7.9,7.8]
  detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][AnyDesk][RemoteAccess][Acceptable][]
                    RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing
-     DAEMON-EVENT: [Processed: 6963 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Processed: 61 pkts][ZLib][compressions: 0|diff: 0 / 0]
      DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0]
               new: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] 
          detected: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com]
@@ -55,7 +55,7 @@
                    [IATS(ms)....: 0.5,0.5,0.3,0.4,0.3,10.5,0.0,10.9,39.6,40.3,8.7,0.0,9.5,516.9,517.5,1.6,27.8,26.2,2.4,56.3,902.9,957.3,0.0,0.0,1754.2,1753.7,16.4,71.2,2966.8,3021.8,4.0]
                    [PKTLENS.....: 52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116]
                    [ENTROPIES...: 4.5,4.7,4.7,5.4,4.2,4.3,7.7,6.2,4.7,7.7,4.3,7.8,5.6,4.6,5.7,4.2,5.5,5.6,4.3,5.6,4.7,8.0,4.2,4.3,4.2,5.7,4.3,6.5,4.6,6.0,4.3,6.2]
-     DAEMON-EVENT: [Processed: 9484 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Processed: 2582 pkts][ZLib][compressions: 0|diff: 0 / 0]
      DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 0]
               new: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] 
          detected: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable][]
diff --git a/test/results/flow-info/dtls_certificate_fragments.pcap.out b/test/results/flow-info/dtls_certificate_fragments.pcap.out
index 3a3e515d5..5e931b30f 100644
--- a/test/results/flow-info/dtls_certificate_fragments.pcap.out
+++ b/test/results/flow-info/dtls_certificate_fragments.pcap.out
@@ -6,6 +6,19 @@
                    RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
  detection-update: [.....1] [ip4][..udp] [.10.186.198.149][39347] -> [..35.210.59.134][44443] [DTLS][GoogleCloud][Web][Safe]
                    RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+ detection-update: [.....1] [ip4][..udp] [.10.186.198.149][39347] -> [..35.210.59.134][44443] [DTLS][GoogleCloud][Web][Safe]
+                   RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+     DAEMON-EVENT: [Processed: 20 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0]
+              new: [.....2] [ip4][..udp] [...192.168.1.26][43594] -> [.104.153.87.149][50001] 
+         detected: [.....2] [ip4][..udp] [...192.168.1.26][43594] -> [.104.153.87.149][50001] [DTLS][Discord][Web][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+ detection-update: [.....2] [ip4][..udp] [...192.168.1.26][43594] -> [.104.153.87.149][50001] [DTLS][Discord][Web][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+ detection-update: [.....2] [ip4][..udp] [...192.168.1.26][43594] -> [.104.153.87.149][50001] [DTLS.Discord][Discord][Collaborative][Fun]
+                   RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
              idle: [.....1] [ip4][..udp] [.10.186.198.149][39347] -> [..35.210.59.134][44443] [DTLS][GoogleCloud][Web][Safe]
                    RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+             idle: [.....2] [ip4][..udp] [...192.168.1.26][43594] -> [.104.153.87.149][50001] [DTLS.Discord][Discord][Collaborative][Fun]
+                   RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-info/fuzz-2006-09-29-28586.pcap.out
index 702ef1e70..704a36035 100644
--- a/test/results/flow-info/fuzz-2006-09-29-28586.pcap.out
+++ b/test/results/flow-info/fuzz-2006-09-29-28586.pcap.out
@@ -12,6 +12,7 @@
               new: [.....5] [ip4][..tcp] [....172.20.3.13][53132] -> [.....172.20.3.5][...80] 
               new: [.....6] [ip4][..tcp] [.....172.20.3.1][...80] -> [....172.20.3.13][53132] [MIDSTREAM] 
          detected: [.....6] [ip4][..tcp] [.....172.20.3.1][...80] -> [....172.20.3.13][53132] [HTTP][Unknown][Web][Acceptable][]
+                   RISK: HTTP Suspicious User-Agent
               new: [.....7] [ip4][..tcp] [.....172.20.3.5][...80] -> [....172.57.3.13][53132] [MIDSTREAM] 
               new: [.....8] [ip4][..tcp] [......172.6.3.5][...80] -> [....172.20.3.13][53132] [MIDSTREAM] 
               new: [.....9] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.21.3.13][...80] 
@@ -20,6 +21,8 @@
               new: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [MIDSTREAM] 
          detected: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][172.20.3.13]
                    RISK: HTTP Numeric IP Address
+ detection-update: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][172.20.3.13]
+                   RISK: HTTP Suspicious User-Agent, HTTP Numeric IP Address
               new: [....12] [ip4][..tcp] [....172.20.3.88][...80] -> [....172.20.3.82][.2601] [MIDSTREAM] 
               new: [....13] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.13][...80] 
               new: [....14] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.77][...80] [MIDSTREAM] 
@@ -38,6 +41,7 @@
               new: [....22] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.76.5][65069] [MIDSTREAM] 
               new: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] [MIDSTREAM] 
          detected: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] [HTTP][Unknown][Web][Acceptable][]
+                   RISK: HTTP Suspicious User-Agent
       ERROR-EVENT: Unknown L3 protocol [2/16]
               new: [....24] [ip4][..tcp] [170.170.170.170][43690] -> [170.170.170.170][43690] 
               new: [....25] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2639] [MIDSTREAM] 
@@ -48,6 +52,7 @@
       ERROR-EVENT: Unknown L3 protocol [1/16]
               new: [....28] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.72.5][.2606] [MIDSTREAM] 
          detected: [....28] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.72.5][.2606] [HTTP][Unknown][Web][Acceptable][]
+                   RISK: HTTP Suspicious User-Agent
  detection-update: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][172.20.3.13]
                    RISK: HTTP Numeric IP Address
               new: [....29] [ip4][..tcp] [.....172.20.3.5][.2607] -> [....172.20.3.13][...80] 
@@ -55,10 +60,11 @@
          detected: [....30] [ip4][..tcp] [.....172.20.3.5][.9587] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable][]
               new: [....31] [ip4][..tcp] [....172.20.2.13][...80] -> [.....172.20.3.5][.2607] [MIDSTREAM] 
          detected: [....31] [ip4][..tcp] [....172.20.2.13][...80] -> [.....172.20.3.5][.2607] [HTTP][Unknown][Web][Acceptable][]
+                   RISK: HTTP Suspicious User-Agent
               new: [....32] [ip4][..tcp] [....172.20.3.13][53193] -> [.....172.20.3.5][...80] 
               new: [....33] [ip4][..tcp] [.....172.20.3.5][...80] -> [...172.20.35.13][53136] 
               new: [....34] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.20.3.5][...80] [MIDSTREAM] 
-         detected: [....34] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.20.3.5][...80] [HTTP][Unknown][Web][Acceptable][]
+         detected: [....34] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.20.3.5][...80] [HTTP][Unknown][Web][Acceptable][172.20.3.5]
               new: [....35] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.70.3.5][...80] [MIDSTREAM] 
               new: [....36] [ip4][..tcp] [...172.20.67.13][53136] -> [.....172.20.3.5][...80] [MIDSTREAM] 
       ERROR-EVENT: Unknown packet type [2/16]
@@ -99,7 +105,7 @@
              idle: [....12] [ip4][..tcp] [....172.20.3.88][...80] -> [....172.20.3.82][.2601] 
               end: [.....2] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2601] 
               end: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [HTTP][Unknown][Web][Acceptable]
-                   RISK: HTTP Numeric IP Address
+                   RISK: HTTP Suspicious User-Agent, HTTP Numeric IP Address
      not-detected: [.....3] [ip4][..tcp] [....172.20.3.13][...81] -> [.....172.20.3.5][.2601] [Unknown][Unknown][Unrated]
              idle: [.....3] [ip4][..tcp] [....172.20.3.13][...81] -> [.....172.20.3.5][.2601] 
           guessed: [....16] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.82.5][.2603] [HTTP][Unknown][Web][Acceptable][]
diff --git a/test/results/flow-info/http_ipv6.pcap.out b/test/results/flow-info/http_ipv6.pcap.out
index 3754348f1..37877e722 100644
--- a/test/results/flow-info/http_ipv6.pcap.out
+++ b/test/results/flow-info/http_ipv6.pcap.out
@@ -66,7 +66,7 @@
              idle: [.....1] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40526] -> [...............2a00:1450:4006:804::200e][..443] 
           guessed: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] [TLS][Unknown][Web][Safe]
              idle: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] 
-     not-detected: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] [Unknown][Unknown][Unrated]
+          guessed: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] [QUIC][Unknown][Web][Acceptable]
              idle: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] 
           guessed: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] [TLS][Unknown][Web][Safe]
              idle: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] 
diff --git a/test/results/flow-info/line.pcap.out b/test/results/flow-info/line.pcap.out
index ff88b77b6..7cf312f03 100644
--- a/test/results/flow-info/line.pcap.out
+++ b/test/results/flow-info/line.pcap.out
@@ -60,7 +60,6 @@
               new: [.....5] [ip4][..udp] [...10.200.3.125][51170] -> [..147.92.169.90][29070] 
          detected: [.....5] [ip4][..udp] [...10.200.3.125][51170] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
            update: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
-           update: [.....5] [ip4][..udp] [...10.200.3.125][51170] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
              idle: [.....2] [ip4][..tcp] [...10.200.3.125][57841] -> [.147.92.165.194][..443] [TLS][Line][Web][Safe]
               end: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443] [TLS.Line][Line][Chat][Acceptable]
                    RISK: TLS (probably) Not Carrying HTTPS
diff --git a/test/results/flow-info/lru_ipv6_caches.pcapng.out b/test/results/flow-info/lru_ipv6_caches.pcapng.out
new file mode 100644
index 000000000..03109709f
--- /dev/null
+++ b/test/results/flow-info/lru_ipv6_caches.pcapng.out
@@ -0,0 +1,44 @@
+     DAEMON-EVENT: init
+     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] 
+         detected: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable][]
+              new: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] 
+              new: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] 
+              new: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] 
+         detected: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port
+              new: [.....5] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83][....1] 
+              new: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] 
+              new: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] 
+         detected: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+              new: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] 
+         detected: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS][Unknown][Web][Safe][]
+ detection-update: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable][]
+              new: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] 
+         detected: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable][]
+ detection-update: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable][]
+              new: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] 
+         detected: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable][]
+ detection-update: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable][]
+              new: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] 
+         detected: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+              new: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] 
+         detected: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+             idle: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] 
+             idle: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] 
+             idle: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] 
+     not-detected: [.....5] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83][....1] [Unknown][Unknown][Unrated]
+             idle: [.....5] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83][....1] 
+     not-detected: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [Unknown][Unknown][Unrated]
+             idle: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] 
+             idle: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] 
+     not-detected: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [Unknown][Unknown][Unrated]
+             idle: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] 
+             idle: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+             idle: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+             idle: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable]
+             idle: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+     not-detected: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [Unknown][Unknown][Unrated]
+             idle: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] 
+     DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/mpeg-dash.pcap.out b/test/results/flow-info/mpeg-dash.pcap.out
index d4ec6dc1e..e08564235 100644
--- a/test/results/flow-info/mpeg-dash.pcap.out
+++ b/test/results/flow-info/mpeg-dash.pcap.out
@@ -10,7 +10,9 @@
          detected: [.....2] [ip4][..tcp] [..192.168.2.105][59142] -> [..54.161.101.85][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun][livesim.dashif.org]
               new: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [MIDSTREAM] 
          detected: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][AmazonAWS][Media][Fun][]
+                   RISK: HTTP Suspicious User-Agent
  detection-update: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][AmazonAWS][Media][Fun][]
+                   RISK: HTTP Suspicious User-Agent
               new: [.....4] [ip4][..tcp] [..192.168.2.105][59146] -> [..54.161.101.85][...80] [MIDSTREAM] 
          detected: [.....4] [ip4][..tcp] [..192.168.2.105][59146] -> [..54.161.101.85][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun][livesim.dashif.org]
              idle: [.....2] [ip4][..tcp] [..192.168.2.105][59142] -> [..54.161.101.85][...80] 
diff --git a/test/results/flow-info/netflix.pcap.out b/test/results/flow-info/netflix.pcap.out
index 5fd4463ba..f4e81f69a 100644
--- a/test/results/flow-info/netflix.pcap.out
+++ b/test/results/flow-info/netflix.pcap.out
@@ -107,16 +107,6 @@
          detected: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net]
  detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net]
  detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net]
-          analyse: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.040|    0.008|    0.010|        109.761|   3.900]
-                   [PKTLEN......:    52.000| 1500.000|  255.300|  414.200|     171525.600|   3.900]
-                   [BINS(c->s)..: 8,5,6,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-                   [BINS(s->c)..: 3,2,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0]
-                   [IATS(ms)....: 11.4,14.4,1.7,21.1,2.9,0.3,24.0,10.4,7.4,16.9,0.4,0.8,30.8,4.7,18.1,26.0,0.2,0.3,0.1,0.2,0.1,0.4,4.5,0.2,40.2,7.1,5.4,4.2,0.5,0.4,2.0]
-                   [PKTLENS.....: 64,60,52,279,52,1500,1500,52,570,52,127,58,97,52,103,52,105,102,94,200,141,141,141,141,140,120,52,90,90,392,1500,52]
-                   [ENTROPIES...: 4.6,5.3,5.2,5.7,5.3,7.1,7.3,5.2,7.6,5.2,6.3,5.1,6.0,5.3,5.9,5.2,6.1,6.0,6.0,6.9,6.4,6.4,6.5,6.6,6.6,6.4,5.2,6.0,6.0,7.5,7.9,5.3]
           analyse: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] 
                                         min|      max|      avg|   stddev|       variance| entropy
                    [IAT.........:     0.000|    7.508|    0.502|    1.826|    3335198.867|   1.400]
@@ -232,16 +222,6 @@
                    [IATS(ms)....: 30.8,32.5,5.5,44.3,2.2,41.1,2.9,12.8,15.6,14.9,15.0,12.8,12.7,26.4,12.8,11.9,13.3,17.2,31.0,13.3,13.6,25.6,14.3,13.9,26.7,13.8,13.3,27.2,13.3,13.3,27.2]
                    [PKTLENS.....: 64,60,52,406,571,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
                    [ENTROPIES...: 4.5,5.3,5.1,6.4,5.8,3.6,5.2,2.5,2.6,5.2,2.6,5.0,2.6,2.6,5.2,2.5,5.0,2.6,2.6,5.2,2.5,5.1,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.9,3.5]
-          analyse: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Unknown][Video][Fun]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.003|    4.094|    0.319|    0.812|     659111.739|   2.800]
-                   [PKTLEN......:    52.000| 1500.000|  611.100|  689.400|     475329.800|   4.000]
-                   [BINS(c->s)..: 17,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-                   [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1]
-                   [IATS(ms)....: 24.9,27.7,3.0,28.5,27.9,27.8,80.3,56.8,57.0,49.3,90.4,82.5,40.9,66.5,53.9,192.1,80.5,134.7,711.3,23.0,31.3,47.8,1645.4,40.4,54.8,160.8,1864.4,25.7,40.5,28.5,4093.6]
-                   [PKTLENS.....: 64,60,52,268,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,80,80,80,80,80,80,80,80,72,64,64,52,1500]
-                   [ENTROPIES...: 4.6,5.3,5.1,5.9,5.3,5.3,5.0,5.3,6.9,5.1,7.9,5.2,7.7,7.8,7.9,7.8,7.8,7.8,7.9,5.3,5.3,5.3,5.3,5.4,5.4,5.4,5.4,5.2,5.2,5.2,5.2,7.8]
               new: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] 
               new: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] 
               new: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] 
@@ -492,39 +472,18 @@
               new: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] 
          detected: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.133]
                    RISK: HTTP Numeric IP Address
-          analyse: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP][NetFlix][Web][Acceptable]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.004|    0.530|    0.111|    0.160|      25664.158|   3.900]
-                   [PKTLEN......:    52.000| 1500.000|  772.900|  666.800|     444580.800|   4.300]
-                   [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-                   [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,1,0,1,0,1,0,1,1,0,1,0]
-                   [IATS(ms)....: 18.4,19.9,3.7,28.9,18.1,45.8,41.6,39.6,18.5,45.3,5.4,31.7,29.4,29.5,41.1,41.1,82.2,87.7,42.1,64.3,51.5,299.9,159.8,515.7,436.0,526.6,530.0,40.0,69.9,40.4,40.4]
-                   [PKTLENS.....: 64,60,52,561,620,1500,52,621,52,567,629,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,80,1500,64,1500,52,1500,1500,52,1500,52]
-                   [ENTROPIES...: 4.5,5.3,5.2,6.3,5.8,4.5,5.2,4.2,5.2,6.2,5.8,3.4,5.2,7.0,5.1,6.3,3.9,5.1,7.9,7.8,7.8,7.9,5.4,7.9,5.2,7.9,5.2,7.9,7.9,5.2,7.8,5.1]
            update: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
            update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
+           update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
            update: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
            update: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
-           update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
-           update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
               new: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] 
          detected: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
                    RISK: HTTP Numeric IP Address
-          analyse: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.286|    0.030|    0.050|       2491.019|   4.000]
-                   [PKTLEN......:    52.000| 1500.000|  819.000|  665.800|     443241.700|   4.400]
-                   [BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-                   [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,0]
-                   [IATS(ms)....: 13.0,14.8,4.0,30.3,0.8,3.7,30.3,0.2,16.5,35.6,2.0,21.5,3.2,3.3,13.3,13.3,26.5,13.3,13.5,13.8,42.7,56.4,14.7,15.2,71.0,25.5,25.5,25.5,51.6,55.2,286.1]
-                   [PKTLENS.....: 64,60,52,561,620,1500,663,52,52,570,629,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,72]
-                   [ENTROPIES...: 4.5,5.3,5.2,6.3,5.8,4.4,4.2,5.0,5.1,6.2,5.8,4.3,5.1,7.1,5.0,7.9,7.9,5.2,7.9,5.0,7.9,7.9,5.2,7.9,5.0,7.9,7.9,7.9,7.9,7.9,7.9,5.4]
+           update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
            update: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
            update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
            update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
-           update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
               new: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] 
          detected: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
  detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
@@ -608,7 +567,7 @@
                    [IATS(ms)....: 15.4,16.8,2.1,27.2,1.0,1.1,27.3,38.1,39.4,39.9,44.7,83.4,40.7,236.7,277.7,1389.8,1416.3,0.3,12.8,48.7,0.2,12.8,12.8,15.9,13.8,16.3,12.8,12.7,23.2,13.3,13.2]
                    [PKTLENS.....: 64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52]
                    [ENTROPIES...: 4.5,5.2,5.1,5.9,5.3,7.3,7.8,5.2,7.8,5.0,7.8,7.8,5.1,7.8,7.7,5.2,5.8,6.9,7.5,7.8,5.1,5.0,7.8,7.8,5.0,7.9,4.9,7.8,7.8,5.1,7.8,5.1]
-              end: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun]
+             idle: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun]
              idle: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] [IGMP][Unknown][Network][Acceptable]
              idle: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
              idle: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
@@ -630,7 +589,7 @@
               end: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun]
               end: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun]
               end: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun]
-              end: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Unknown][Video][Fun]
+             idle: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Unknown][Video][Fun]
                    RISK: HTTP Suspicious Content
               end: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] 
              idle: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] 
@@ -684,13 +643,13 @@
                    RISK: HTTP Numeric IP Address
               end: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable]
                    RISK: HTTP Numeric IP Address
-              end: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Web][Acceptable]
+             idle: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Web][Acceptable]
                    RISK: HTTP Numeric IP Address
               end: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable]
                    RISK: HTTP Numeric IP Address
-              end: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP][NetFlix][Web][Acceptable]
+             idle: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP][NetFlix][Web][Acceptable]
                    RISK: HTTP Numeric IP Address
-              end: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable]
+             idle: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable]
                    RISK: HTTP Numeric IP Address
               end: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
               end: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
diff --git a/test/results/flow-info/ookla.pcap.out b/test/results/flow-info/ookla.pcap.out
index 406a1a48b..5cd9597a3 100644
--- a/test/results/flow-info/ookla.pcap.out
+++ b/test/results/flow-info/ookla.pcap.out
@@ -3,6 +3,8 @@
      DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
               new: [.....1] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] 
          detected: [.....1] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] [HTTP.Ookla][Unknown][Network][Safe][]
+ detection-update: [.....1] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] [HTTP.Ookla][Unknown][Network][Safe][]
+                   RISK: HTTP Suspicious User-Agent
               new: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] 
          detected: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Unknown][Network][Safe]
           analyse: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Unknown][Network][Safe]
@@ -17,4 +19,5 @@
                    [ENTROPIES...: 4.5,5.3,5.1,5.2,5.2,5.5,5.1,5.4,5.5,5.0,5.4,5.5,5.1,5.5,5.5,5.1,5.4,5.6,5.1,5.4,5.6,5.1,5.5,5.5,5.0,5.5,5.6,5.1,5.5,5.5,5.0,5.4]
               end: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Unknown][Network][Safe]
               end: [.....1] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] [HTTP.Ookla][Unknown][Network][Safe]
+                   RISK: HTTP Suspicious User-Agent
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/pgsql.pcap.out b/test/results/flow-info/pgsql.pcap.out
index 1479154d4..a3a6c4476 100644
--- a/test/results/flow-info/pgsql.pcap.out
+++ b/test/results/flow-info/pgsql.pcap.out
@@ -5,6 +5,20 @@
               new: [.....2] [ip4][..tcp] [......127.0.0.1][45931] -> [......127.0.0.1][.5432] 
          detected: [.....1] [ip4][..tcp] [......127.0.0.1][45930] -> [......127.0.0.1][.5432] [PostgreSQL][Unknown][Database][Acceptable]
          detected: [.....2] [ip4][..tcp] [......127.0.0.1][45931] -> [......127.0.0.1][.5432] [PostgreSQL][Unknown][Database][Acceptable]
+     DAEMON-EVENT: [Processed: 39 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....3] [ip4][..tcp] [..172.16.20.244][59036] -> [...172.16.20.75][.5432] 
+         detected: [.....3] [ip4][..tcp] [..172.16.20.244][59036] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
+              new: [.....4] [ip4][..tcp] [..172.16.20.244][59037] -> [...172.16.20.75][.5432] 
+         detected: [.....4] [ip4][..tcp] [..172.16.20.244][59037] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
+              new: [.....5] [ip4][..tcp] [..172.16.20.244][59038] -> [...172.16.20.75][.5432] 
+         detected: [.....5] [ip4][..tcp] [..172.16.20.244][59038] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
+              new: [.....6] [ip4][..tcp] [..172.16.20.244][59039] -> [...172.16.20.75][.5432] 
+         detected: [.....6] [ip4][..tcp] [..172.16.20.244][59039] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
              idle: [.....1] [ip4][..tcp] [......127.0.0.1][45930] -> [......127.0.0.1][.5432] [PostgreSQL][Unknown][Database][Acceptable]
              idle: [.....2] [ip4][..tcp] [......127.0.0.1][45931] -> [......127.0.0.1][.5432] [PostgreSQL][Unknown][Database][Acceptable]
+              end: [.....3] [ip4][..tcp] [..172.16.20.244][59036] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
+              end: [.....4] [ip4][..tcp] [..172.16.20.244][59037] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
+              end: [.....5] [ip4][..tcp] [..172.16.20.244][59038] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
+             idle: [.....6] [ip4][..tcp] [..172.16.20.244][59039] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/pinterest.pcap.out b/test/results/flow-info/pinterest.pcap.out
index f2d915d2f..44df58e28 100644
--- a/test/results/flow-info/pinterest.pcap.out
+++ b/test/results/flow-info/pinterest.pcap.out
@@ -120,16 +120,6 @@
          detected: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][connect.facebook.net]
  detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Unknown][Web][Acceptable][apis.google.com]
  detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][connect.facebook.net]
-          analyse: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Unknown][Web][Acceptable]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.077|    0.013|    0.025|        631.324|   2.800]
-                   [PKTLEN......:    72.000| 1280.000|  407.600|  486.000|     236213.000|   4.100]
-                   [BINS(c->s)..: 12,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-                   [BINS(s->c)..: 6,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0]
-                   [IATS(ms)....: 76.8,76.9,1.8,47.3,30.0,0.0,0.0,75.4,0.0,0.0,2.1,0.6,1.6,47.9,0.0,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,43.7,0.0,0.0,0.0,0.0,0.0,0.0]
-                   [PKTLENS.....: 80,80,72,589,72,1280,1280,342,72,72,72,136,164,386,72,72,72,652,103,470,1280,1280,1280,1280,1280,72,72,72,72,72,72,72]
-                   [ENTROPIES...: 4.8,5.3,5.2,4.5,5.1,7.8,7.8,7.3,5.2,5.2,5.2,6.0,6.5,7.4,5.1,5.1,5.2,7.6,5.7,7.5,7.8,7.8,7.8,7.9,7.8,5.2,5.1,5.2,5.2,5.2,5.2,5.2]
           analyse: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Unknown][Web][Acceptable]
                                         min|      max|      avg|   stddev|       variance| entropy
                    [IAT.........:     0.000|    0.079|    0.013|    0.022|        493.391|   3.300]
@@ -265,7 +255,7 @@
              idle: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51446] -> [...............2a00:1450:4007:816::2003][..443] 
           guessed: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51472] -> [...............2a00:1450:4007:816::2003][..443] [TLS][Unknown][Web][Safe]
              idle: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51472] -> [...............2a00:1450:4007:816::2003][..443] 
-             idle: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Unknown][Web][Acceptable]
+             idle: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] 
           guessed: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38402] -> [.......................2a04:4e42:1d::84][..443] [TLS][Unknown][Web][Safe]
              idle: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38402] -> [.......................2a04:4e42:1d::84][..443] 
           guessed: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38406] -> [.......................2a04:4e42:1d::84][..443] [TLS][Unknown][Web][Safe]
diff --git a/test/results/flow-info/pps.pcap.out b/test/results/flow-info/pps.pcap.out
index 5ac67e447..d1d3ca05d 100644
--- a/test/results/flow-info/pps.pcap.out
+++ b/test/results/flow-info/pps.pcap.out
@@ -56,6 +56,7 @@
                    [ENTROPIES...: 5.1,5.1,7.8,5.2,5.2,7.8,5.2,5.2,5.2,5.2,7.8,5.3,5.3,7.8,5.1,5.1,5.1,5.1,7.8,5.2,5.2,7.8,5.2,5.2,5.2,5.2,7.8,5.1,5.1,7.8,4.9,4.9]
      not-detected: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250] [Unknown][Unknown][Unrated]
               new: [....11] [ip4][..udp] [..192.168.115.8][22793] -> [..218.61.39.103][17788] 
+         detected: [....11] [ip4][..udp] [..192.168.115.8][22793] -> [..218.61.39.103][17788] [PPStream][Unknown][Streaming][Fun]
               new: [....12] [ip4][..udp] [..192.168.115.8][22793] -> [...210.44.171.1][29702] 
               new: [....13] [ip4][..udp] [..192.168.115.8][22793] -> [.111.250.102.66][.1107] 
               new: [....14] [ip4][..udp] [..192.168.115.8][22793] -> [..61.223.204.67][11102] 
@@ -74,13 +75,17 @@
               new: [....27] [ip4][..udp] [..192.168.115.8][22793] -> [..1.169.136.116][17951] 
               new: [....28] [ip4][..udp] [..192.168.115.8][22793] -> [.114.41.144.153][10492] 
               new: [....29] [ip4][..udp] [..192.168.115.8][22793] -> [..183.61.167.82][17788] 
+         detected: [....29] [ip4][..udp] [..192.168.115.8][22793] -> [..183.61.167.82][17788] [PPStream][Unknown][Streaming][Fun]
               new: [....30] [ip4][..udp] [..192.168.115.8][22793] -> [...210.47.12.19][33738] 
               new: [....31] [ip4][..udp] [..192.168.115.8][22793] -> [...210.47.12.20][33738] 
               new: [....32] [ip4][..udp] [..192.168.115.8][22793] -> [..114.47.91.129][22576] 
               new: [....33] [ip4][..udp] [..192.168.115.8][22793] -> [.220.130.154.23][35941] 
               new: [....34] [ip4][..udp] [..192.168.115.8][22793] -> [...218.61.39.87][17788] 
+         detected: [....34] [ip4][..udp] [..192.168.115.8][22793] -> [...218.61.39.87][17788] [PPStream][Unknown][Streaming][Fun]
               new: [....35] [ip4][..udp] [..192.168.115.8][22793] -> [119.188.133.182][17788] 
+         detected: [....35] [ip4][..udp] [..192.168.115.8][22793] -> [119.188.133.182][17788] [PPStream][Unknown][Streaming][Fun]
               new: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788] 
+         detected: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788] [PPStream][Unknown][Streaming][Fun]
           analyse: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956] 
                                         min|      max|      avg|   stddev|       variance| entropy
                    [IAT.........:     0.000|    0.108|    0.029|    0.031|        941.853|   4.000]
@@ -118,6 +123,7 @@
          detected: [....48] [ip4][..tcp] [..192.168.115.8][50477] -> [.202.108.14.219][...80] [HTTP][Unknown][Streaming][Acceptable][msg.71.am]
               new: [....49] [ip4][..tcp] [..117.79.81.135][...80] -> [..192.168.115.8][50443] [MIDSTREAM] 
          detected: [....49] [ip4][..tcp] [..117.79.81.135][...80] -> [..192.168.115.8][50443] [HTTP][Unknown][Web][Acceptable][]
+                   RISK: HTTP Suspicious User-Agent
               new: [....50] [ip4][..tcp] [..192.168.115.8][50482] -> [.140.205.243.64][...80] [MIDSTREAM] 
          detected: [....50] [ip4][..tcp] [..192.168.115.8][50482] -> [.140.205.243.64][...80] [HTTP][Unknown][Web][Acceptable][cmc.tanx.com]
               new: [....51] [ip4][..tcp] [..192.168.115.8][50483] -> [.202.108.14.219][...80] [MIDSTREAM] 
@@ -201,18 +207,18 @@
            update: [....23] [ip4][..udp] [..192.168.115.8][22793] -> [.114.37.142.173][.1074] 
            update: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250] [Unknown][Unknown][Unrated]
            update: [....16] [ip4][..udp] [..192.168.115.8][22793] -> [...36.233.39.81][18590] 
-           update: [....35] [ip4][..udp] [..192.168.115.8][22793] -> [119.188.133.182][17788] 
+           update: [....35] [ip4][..udp] [..192.168.115.8][22793] -> [119.188.133.182][17788] [PPStream][Unknown][Streaming][Fun]
            update: [....18] [ip4][..udp] [..192.168.115.8][22793] -> [..61.227.170.88][20227] 
            update: [....20] [ip4][..udp] [..192.168.115.8][22793] -> [.121.248.133.93][12757] 
            update: [....19] [ip4][..udp] [..192.168.115.8][22793] -> [..202.112.31.89][29072] 
            update: [....28] [ip4][..udp] [..192.168.115.8][22793] -> [.114.41.144.153][10492] 
            update: [....14] [ip4][..udp] [..192.168.115.8][22793] -> [..61.223.204.67][11102] 
            update: [.....8] [ip4][..udp] [.183.228.182.44][13913] -> [..192.168.115.8][22793] 
-           update: [....29] [ip4][..udp] [..192.168.115.8][22793] -> [..183.61.167.82][17788] 
-           update: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788] 
+           update: [....29] [ip4][..udp] [..192.168.115.8][22793] -> [..183.61.167.82][17788] [PPStream][Unknown][Streaming][Fun]
+           update: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788] [PPStream][Unknown][Streaming][Fun]
            update: [....21] [ip4][..udp] [..192.168.115.8][22793] -> [..1.175.128.104][.5185] 
-           update: [....11] [ip4][..udp] [..192.168.115.8][22793] -> [..218.61.39.103][17788] 
-           update: [....34] [ip4][..udp] [..192.168.115.8][22793] -> [...218.61.39.87][17788] 
+           update: [....11] [ip4][..udp] [..192.168.115.8][22793] -> [..218.61.39.103][17788] [PPStream][Unknown][Streaming][Fun]
+           update: [....34] [ip4][..udp] [..192.168.115.8][22793] -> [...218.61.39.87][17788] [PPStream][Unknown][Streaming][Fun]
            update: [....30] [ip4][..udp] [..192.168.115.8][22793] -> [...210.47.12.19][33738] 
            update: [....31] [ip4][..udp] [..192.168.115.8][22793] -> [...210.47.12.20][33738] 
            update: [....17] [ip4][..udp] [..192.168.115.8][22793] -> [.111.117.101.81][10162] 
@@ -241,8 +247,10 @@
          detected: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
               new: [....86] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50506] [MIDSTREAM] 
          detected: [....86] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50506] [HTTP][Unknown][Web][Acceptable][]
+                   RISK: HTTP Suspicious User-Agent
               new: [....87] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50295] [MIDSTREAM] 
          detected: [....87] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50295] [HTTP][Unknown][Web][Acceptable][]
+                   RISK: HTTP Suspicious User-Agent
               new: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [MIDSTREAM] 
          detected: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
               new: [....89] [ip4][..tcp] [..192.168.115.8][50509] -> [.106.38.219.107][...80] [MIDSTREAM] 
@@ -304,9 +312,9 @@
          detected: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [HTTP.PPStream][Unknown][Streaming][Fun][preimage1.qiyipic.com]
               new: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [MIDSTREAM] 
          detected: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP][AVAST][Download][Acceptable][]
-                   RISK: Binary App Transfer
+                   RISK: Binary App Transfer, HTTP Suspicious User-Agent
  detection-update: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP][AVAST][Download][Acceptable][]
-                   RISK: Binary App Transfer
+                   RISK: Binary App Transfer, HTTP Suspicious User-Agent
      not-detected: [....22] [ip4][..udp] [..192.168.115.8][22793] -> [.222.26.193.119][.7133] [Unknown][Unknown][Unrated]
              idle: [....22] [ip4][..udp] [..192.168.115.8][22793] -> [.222.26.193.119][.7133] 
              idle: [....54] [ip4][..tcp] [..192.168.115.8][50486] -> [...77.234.40.96][...80] [HTTP.Cybersec][AVAST][Cybersecurity][Safe]
@@ -390,8 +398,7 @@
      not-detected: [....16] [ip4][..udp] [..192.168.115.8][22793] -> [...36.233.39.81][18590] [Unknown][Unknown][Unrated]
              idle: [....16] [ip4][..udp] [..192.168.115.8][22793] -> [...36.233.39.81][18590] 
              idle: [....38] [ip4][..tcp] [..192.168.115.8][50464] -> [.123.125.112.49][...80] [HTTP][Unknown][Web][Acceptable]
-     not-detected: [....35] [ip4][..udp] [..192.168.115.8][22793] -> [119.188.133.182][17788] [Unknown][Unknown][Unrated]
-             idle: [....35] [ip4][..udp] [..192.168.115.8][22793] -> [119.188.133.182][17788] 
+             idle: [....35] [ip4][..udp] [..192.168.115.8][22793] -> [119.188.133.182][17788] [PPStream][Unknown][Streaming][Fun]
               end: [....68] [ip4][..tcp] [..192.168.115.8][50497] -> [.123.125.112.49][...80] [HTTP][Unknown][Web][Acceptable]
              idle: [....50] [ip4][..tcp] [..192.168.115.8][50482] -> [.140.205.243.64][...80] [HTTP][Unknown][Web][Acceptable]
      not-detected: [....18] [ip4][..udp] [..192.168.115.8][22793] -> [..61.227.170.88][20227] [Unknown][Unknown][Unrated]
@@ -416,16 +423,12 @@
      not-detected: [.....8] [ip4][..udp] [.183.228.182.44][13913] -> [..192.168.115.8][22793] [Unknown][Unknown][Unrated]
              idle: [.....8] [ip4][..udp] [.183.228.182.44][13913] -> [..192.168.115.8][22793] 
              idle: [....84] [ip4][..udp] [...192.168.5.41][50374] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
-     not-detected: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788] [Unknown][Unknown][Unrated]
-             idle: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788] 
-     not-detected: [....29] [ip4][..udp] [..192.168.115.8][22793] -> [..183.61.167.82][17788] [Unknown][Unknown][Unrated]
-             idle: [....29] [ip4][..udp] [..192.168.115.8][22793] -> [..183.61.167.82][17788] 
+             idle: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788] [PPStream][Unknown][Streaming][Fun]
+             idle: [....29] [ip4][..udp] [..192.168.115.8][22793] -> [..183.61.167.82][17788] [PPStream][Unknown][Streaming][Fun]
      not-detected: [....21] [ip4][..udp] [..192.168.115.8][22793] -> [..1.175.128.104][.5185] [Unknown][Unknown][Unrated]
              idle: [....21] [ip4][..udp] [..192.168.115.8][22793] -> [..1.175.128.104][.5185] 
-     not-detected: [....34] [ip4][..udp] [..192.168.115.8][22793] -> [...218.61.39.87][17788] [Unknown][Unknown][Unrated]
-             idle: [....34] [ip4][..udp] [..192.168.115.8][22793] -> [...218.61.39.87][17788] 
-     not-detected: [....11] [ip4][..udp] [..192.168.115.8][22793] -> [..218.61.39.103][17788] [Unknown][Unknown][Unrated]
-             idle: [....11] [ip4][..udp] [..192.168.115.8][22793] -> [..218.61.39.103][17788] 
+             idle: [....34] [ip4][..udp] [..192.168.115.8][22793] -> [...218.61.39.87][17788] [PPStream][Unknown][Streaming][Fun]
+             idle: [....11] [ip4][..udp] [..192.168.115.8][22793] -> [..218.61.39.103][17788] [PPStream][Unknown][Streaming][Fun]
              idle: [....77] [ip4][..udp] [...192.168.5.50][52529] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
      not-detected: [....31] [ip4][..udp] [..192.168.115.8][22793] -> [...210.47.12.20][33738] [Unknown][Unknown][Unrated]
              idle: [....31] [ip4][..udp] [..192.168.115.8][22793] -> [...210.47.12.20][33738] 
diff --git a/test/results/flow-info/quic-33.pcapng.out b/test/results/flow-info/quic-33.pcapng.out
index ebdc71921..8cc283c11 100644
--- a/test/results/flow-info/quic-33.pcapng.out
+++ b/test/results/flow-info/quic-33.pcapng.out
@@ -4,16 +4,6 @@
               new: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] 
          detected: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable][]
                    RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
-          analyse: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.003|    0.000|    0.001|          0.627|   3.200]
-                   [PKTLEN......:   101.000| 1488.000|  990.900|  605.000|     366070.200|   4.600]
-                   [BINS(c->s)..: 0,4,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0]
-                   [BINS(s->c)..: 0,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,15,0,0]
-                   [DIRECTIONS..: 0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
-                   [IATS(ms)....: 2.8,0.1,0.0,3.4,0.6,0.3,0.0,0.4,0.1,0.4,0.0,1.1,1.4,0.5,0.0,0.3,0.1,0.3,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0]
-                   [PKTLENS.....: 1280,1280,791,1488,101,103,195,103,1280,1280,359,1488,487,231,103,103,103,103,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488]
-                   [ENTROPIES...: 7.8,7.8,7.6,7.8,4.5,4.9,6.0,4.9,7.8,7.8,7.0,7.8,7.4,6.6,4.8,4.9,4.7,4.9,7.8,7.8,7.8,7.8,7.9,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8]
              idle: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable]
                    RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/quic-v2-01.pcapng.out b/test/results/flow-info/quic-v2-01.pcapng.out
index d91287021..a47d20b00 100644
--- a/test/results/flow-info/quic-v2-01.pcapng.out
+++ b/test/results/flow-info/quic-v2-01.pcapng.out
@@ -4,16 +4,6 @@
               new: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] 
          detected: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Unknown][Web][Acceptable][]
                    RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
-          analyse: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Unknown][Web][Acceptable]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.003|    0.000|    0.001|          0.343|   3.200]
-                   [PKTLEN......:    83.000| 1468.000| 1031.900|  592.800|     351417.000|   4.700]
-                   [BINS(c->s)..: 0,4,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0]
-                   [BINS(s->c)..: 0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,18,0,0]
-                   [DIRECTIONS..: 0,1,1,1,0,0,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,0,1]
-                   [IATS(ms)....: 2.2,0.0,0.1,2.6,0.0,0.2,0.5,0.1,0.1,0.4,0.5,0.3,0.4,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.3,0.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.4,0.3]
-                   [PKTLENS.....: 1280,1280,752,1468,431,1468,211,83,83,467,83,83,211,1468,1468,1468,1468,1468,1468,1468,1468,83,1468,1468,1468,1468,1468,1468,1468,1468,83,1468]
-                   [ENTROPIES...: 7.9,7.8,7.7,7.9,7.5,7.9,7.0,5.9,6.0,7.6,6.1,5.9,7.0,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.8,5.8,7.9,7.9,7.9,7.9,7.9,7.8,7.9,7.9,5.9,7.9]
              idle: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Unknown][Web][Acceptable]
                    RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/quic.pcap.out b/test/results/flow-info/quic.pcap.out
index 82c1da2ab..0a18f1a43 100644
--- a/test/results/flow-info/quic.pcap.out
+++ b/test/results/flow-info/quic.pcap.out
@@ -51,7 +51,7 @@
                    [PKTLENS.....: 1378,373,1378,1378,1378,369,65,68,1378,61,61,71,1378,1378,1174,68,65,1378,1378,68,1378,1378,1378,68,1378,68,1378,1378,1378,68,1378,1378]
                    [ENTROPIES...: 5.1,7.4,7.6,2.6,5.4,7.4,5.3,5.5,7.9,5.5,5.5,5.7,7.9,7.9,7.8,5.6,5.6,7.9,7.9,5.7,7.9,7.9,7.9,5.6,7.9,5.7,7.9,7.8,7.9,5.6,7.9,7.9]
              idle: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443] [QUIC.Google][Google][Web][Acceptable]
-     not-detected: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443] [Unknown][Google][Unrated]
+          guessed: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443] [QUIC][Google][Web][Acceptable]
              idle: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443] 
              idle: [.....6] [ip4][..udp] [..192.168.1.105][48445] -> [.216.58.214.110][..443] [QUIC.YouTube][Google][Media][Fun]
              idle: [.....5] [ip4][..udp] [..192.168.1.105][34438] -> [.216.58.210.238][..443] [QUIC.YouTube][Google][Media][Fun]
diff --git a/test/results/flow-info/quic_t51.pcap.out b/test/results/flow-info/quic_t51.pcap.out
index 3e08f9c07..3eed957fd 100644
--- a/test/results/flow-info/quic_t51.pcap.out
+++ b/test/results/flow-info/quic_t51.pcap.out
@@ -3,16 +3,5 @@
      DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
               new: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] 
          detected: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.com]
-          analyse: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Unknown][Web][Acceptable]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|   19.583|    2.165|    5.210|   27140724.621|   2.500]
-                   [PKTLEN......:    53.000| 1378.000|  437.200|  500.300|     250315.800|   4.100]
-                   [BINS(c->s)..: 0,8,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]
-                   [BINS(s->c)..: 7,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0]
-                   [DIRECTIONS..: 0,1,0,1,1,1,0,0,0,1,1,0,0,1,1,1,1,0,0,0,1,1,1,1,0,0,0,1,1,1,1,0]
-                   [IATS(ms)....: 5.9,69.3,110.8,0.0,0.0,113.6,2.3,5.8,80.0,0.0,46.4,10090.9,10162.3,246.2,1.4,0.0,331.6,26.2,19472.4,19582.6,120.2,0.7,0.2,185.0,26.5,2999.5,3090.0,125.9,1.4,0.1,205.6]
-                   [PKTLENS.....: 1378,1378,1378,1378,1378,1240,69,69,101,54,644,61,989,53,668,54,299,61,61,497,53,720,54,137,61,61,211,53,456,54,259,61]
-                   [ENTROPIES...: 7.9,7.9,7.8,7.8,7.9,7.8,5.6,5.7,6.2,5.2,7.7,5.6,7.8,5.2,7.7,5.4,7.3,5.7,5.6,7.5,5.3,7.7,5.3,6.5,5.6,5.6,7.0,5.3,7.5,5.2,7.3,5.6]
-           update: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Unknown][Web][Acceptable]
              idle: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Unknown][Web][Acceptable]
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/radius_false_positive.pcapng.out b/test/results/flow-info/radius_false_positive.pcapng.out
index afe56155d..9628c93df 100644
--- a/test/results/flow-info/radius_false_positive.pcapng.out
+++ b/test/results/flow-info/radius_false_positive.pcapng.out
@@ -2,6 +2,6 @@
      DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
      DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
               new: [.....1] [ip6][..udp] [................2bc6:b5ac:cb3b:676b::18][..443] -> [3dba:3762:c186:e122:89b0:5170:a86c:ecff][53129] 
-     not-detected: [.....1] [ip6][..udp] [................2bc6:b5ac:cb3b:676b::18][..443] -> [3dba:3762:c186:e122:89b0:5170:a86c:ecff][53129] [Unknown][Unknown][Unrated]
+          guessed: [.....1] [ip6][..udp] [................2bc6:b5ac:cb3b:676b::18][..443] -> [3dba:3762:c186:e122:89b0:5170:a86c:ecff][53129] [QUIC][Unknown][Web][Acceptable]
              idle: [.....1] [ip6][..udp] [................2bc6:b5ac:cb3b:676b::18][..443] -> [3dba:3762:c186:e122:89b0:5170:a86c:ecff][53129] 
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/reddit.pcap.out b/test/results/flow-info/reddit.pcap.out
index 8686ff02e..ec11c7bfd 100644
--- a/test/results/flow-info/reddit.pcap.out
+++ b/test/results/flow-info/reddit.pcap.out
@@ -96,16 +96,6 @@
  detection-update: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56586] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][preview.redd.it]
  detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][preview.redd.it]
  detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][preview.redd.it]
-          analyse: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.042|    0.008|    0.014|        202.320|   3.100]
-                   [PKTLEN......:    72.000| 1460.000|  316.100|  366.700|     134435.400|   4.300]
-                   [BINS(c->s)..: 8,1,1,4,2,0,2,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
-                   [BINS(s->c)..: 4,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,0,0]
-                   [IATS(ms)....: 29.9,29.9,0.1,38.0,2.3,0.0,40.2,0.0,0.1,0.0,0.0,0.0,2.7,0.1,0.6,0.0,0.2,0.0,41.5,1.3,39.1,1.6,0.0,7.3,1.5,7.3,2.1,0.2,0.1,0.0,0.2]
-                   [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,592,72,72,165,171,361,391,1460,269,72,330,72,195,227,72,138,72,217,110,182,183,294]
-                   [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,6.9,7.3,5.2,5.2,7.3,7.5,5.2,5.2,5.9,6.4,7.2,7.2,7.6,6.8,5.1,7.1,5.2,6.6,6.5,5.1,6.2,5.2,6.7,5.5,6.5,6.5,6.9]
  detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][emoji.redditmedia.com]
  detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][emoji.redditmedia.com]
  detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][emoji.redditmedia.com]
@@ -121,17 +111,6 @@
                    [PKTLENS.....: 80,80,72,589,72,1120,72,1120,72,1120,602,72,72,165,171,436,468,115,72,330,72,72,72,138,72,110,72,1120,1120,1120,1120,1120]
                    [ENTROPIES...: 4.7,5.2,5.3,4.6,5.1,6.9,5.3,7.3,5.3,7.4,7.6,5.3,5.3,6.0,6.4,7.4,7.2,5.8,5.1,7.1,5.2,5.1,5.1,6.2,5.2,5.7,5.1,7.8,7.8,7.8,7.8,7.8]
  detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][styles.redditmedia.com]
-          analyse: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] 
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.060|    0.009|    0.018|        336.129|   2.700]
-                   [PKTLEN......:    72.000| 1120.000|  297.400|  353.700|     125114.100|   4.200]
-                   [BINS(c->s)..: 10,1,1,1,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-                   [BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,1,1,0,0,0,0]
-                   [IATS(ms)....: 36.1,36.1,0.1,41.3,0.0,41.2,0.0,0.0,0.7,0.0,0.7,0.0,2.3,1.1,0.2,0.0,0.2,60.3,1.0,0.0,57.4,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.9]
-                   [PKTLENS.....: 80,80,72,589,72,1120,72,1120,72,1120,576,72,72,165,171,446,359,227,72,330,72,72,138,72,72,72,1120,687,72,72,72,110]
-                   [ENTROPIES...: 4.8,5.3,5.3,4.5,5.1,6.9,5.3,7.4,5.3,7.3,7.5,5.3,5.3,6.1,6.5,7.4,7.1,6.8,5.1,7.1,5.1,5.2,6.2,5.0,5.0,5.1,7.8,7.7,5.2,5.2,5.2,5.6]
- detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][preview.redd.it]
           analyse: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] 
                                         min|      max|      avg|   stddev|       variance| entropy
                    [IAT.........:     0.000|    0.052|    0.010|    0.019|        355.472|   2.800]
@@ -270,16 +249,6 @@
                    [PKTLENS.....: 80,80,72,589,72,1460,1460,660,72,72,72,198,171,330,330,72,346,141,72,72,110,72,72,110,72,1460,1460,72,72,1460,1460,1460]
                    [ENTROPIES...: 5.3,5.6,5.5,4.7,5.4,6.9,7.4,7.6,5.4,5.4,5.3,6.5,6.4,7.2,7.2,5.4,7.2,6.3,5.5,5.5,5.8,5.4,5.4,6.0,5.4,7.9,7.9,5.5,5.5,7.9,7.9,7.9]
  detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe][secure.quantserve.com]
-          analyse: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Unknown][Media][Fun]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.169|    0.022|    0.038|       1465.366|   3.300]
-                   [PKTLEN......:    72.000| 1280.000|  394.800|  466.200|     217386.300|   4.100]
-                   [BINS(c->s)..: 12,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-                   [BINS(s->c)..: 6,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,1,1,0,0,1,0,1]
-                   [IATS(ms)....: 34.8,34.8,0.2,53.0,4.9,57.8,0.5,0.0,0.0,0.4,0.0,0.0,3.6,2.0,0.4,91.7,168.8,1.8,72.8,0.2,1.0,2.0,2.7,14.6,61.7,0.0,76.3,0.0,0.7,0.7,0.1]
-                   [PKTLENS.....: 80,80,72,589,72,1280,72,1280,1280,272,72,72,72,136,164,477,477,72,652,72,103,72,103,72,72,813,1280,72,72,1280,72,1280]
-                   [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,7.8,5.2,7.8,7.9,7.2,5.2,5.2,5.2,6.1,6.5,7.4,7.4,5.1,7.6,5.1,5.7,5.1,5.7,5.2,5.1,7.7,7.8,5.2,5.2,7.8,5.2,7.8]
               new: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] 
               new: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] 
               new: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] 
@@ -509,7 +478,7 @@
              idle: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] 
               end: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] 
               end: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56562] -> [.....................64:ff9b::9765:798c][..443] 
-             idle: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun]
+             idle: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] 
               end: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56566] -> [.....................64:ff9b::9765:798c][..443] 
               end: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56568] -> [.....................64:ff9b::9765:798c][..443] 
               end: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56570] -> [.....................64:ff9b::9765:798c][..443] 
@@ -518,7 +487,7 @@
               end: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56576] -> [.....................64:ff9b::9765:798c][..443] 
              idle: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun]
               end: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56580] -> [.....................64:ff9b::9765:798c][..443] 
-             idle: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun]
+             idle: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] 
               end: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56584] -> [.....................64:ff9b::9765:798c][..443] 
               end: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56586] -> [.....................64:ff9b::9765:798c][..443] 
               end: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] 
@@ -546,7 +515,7 @@
              idle: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
              idle: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Unknown][Web][Acceptable]
              idle: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Unknown][Advertisement][Acceptable]
-             idle: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Unknown][Media][Fun]
+             idle: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] 
              idle: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Unknown][Web][Safe]
              idle: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable]
               end: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] 
diff --git a/test/results/flow-info/starcraft_battle.pcap.out b/test/results/flow-info/starcraft_battle.pcap.out
index afd4af97e..9137b09e0 100644
--- a/test/results/flow-info/starcraft_battle.pcap.out
+++ b/test/results/flow-info/starcraft_battle.pcap.out
@@ -7,7 +7,6 @@
          detected: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][91.252.30.192.in-addr.arpa]
  detection-update: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][100.1.168.192.in-addr.arpa]
  detection-update: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][100.1.168.192.in-addr.arpa]
-                   RISK: Suspicious DNS Traffic
               new: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476] [MIDSTREAM] 
               new: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] 
          detected: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][254.1.168.192.in-addr.arpa]
@@ -53,6 +52,8 @@
                    [ENTROPIES...: 4.6,4.9,4.7,5.8,4.5,5.3,4.7,5.1,4.6,5.2,4.7,5.1,4.7,5.1,4.6,5.2,4.6,5.2,4.6,5.1,4.7,5.2,4.7,5.1,4.7,5.1,4.7,5.2,4.7,5.2,4.7,5.1]
               new: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] 
          detected: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] [HTTP.WorldOfWarcraft][Unknown][Game][Fun][us.scan.worldofwarcraft.com]
+ detection-update: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] [HTTP.WorldOfWarcraft][Unknown][Game][Fun][us.scan.worldofwarcraft.com]
+                   RISK: HTTP Suspicious User-Agent
               new: [....17] [ip4][..tcp] [..192.168.1.100][.3492] -> [...2.228.46.104][..443] [MIDSTREAM] 
               new: [....18] [ip4][..tcp] [..192.168.1.100][.3489] -> [...2.228.46.104][..443] [MIDSTREAM] 
               new: [....19] [ip4][..tcp] [..192.168.1.100][.3490] -> [...2.228.46.104][..443] [MIDSTREAM] 
@@ -189,7 +190,7 @@
               end: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable]
               end: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable]
               end: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable]
-     not-detected: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568] [Unknown][Google][Unrated]
+          guessed: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568] [QUIC][Google][Web][Acceptable]
              idle: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568] 
           guessed: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] [Starcraft][Starcraft][Game][Fun]
              idle: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] 
@@ -203,9 +204,9 @@
           guessed: [.....5] [ip4][..tcp] [..80.239.186.40][..443] -> [..192.168.1.100][.3478] [TLS][Unknown][Web][Safe]
               end: [.....5] [ip4][..tcp] [..80.239.186.40][..443] -> [..192.168.1.100][.3478] 
              idle: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
-                   RISK: Suspicious DNS Traffic
              idle: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
              idle: [.....7] [ip4][..udp] [..192.168.1.100][58844] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
              idle: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
               end: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] [HTTP.WorldOfWarcraft][Unknown][Game][Fun]
+                   RISK: HTTP Suspicious User-Agent
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/synscan.pcap.out b/test/results/flow-info/synscan.pcap.out
index aceebaa5a..577074123 100644
--- a/test/results/flow-info/synscan.pcap.out
+++ b/test/results/flow-info/synscan.pcap.out
@@ -2679,7 +2679,7 @@
              idle: [..1534] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][55055] 
      not-detected: [..1083] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.5902] [Unknown][Unknown][Unrated]
              idle: [..1083] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.5902] 
-     not-detected: [...796] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.9999] [Unknown][Unknown][Unrated]
+          guessed: [...796] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
              idle: [...796] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.9999] 
      not-detected: [...103] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.5903] [Unknown][Unknown][Unrated]
              idle: [...103] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.5903] 
@@ -2687,7 +2687,7 @@
              idle: [..1791] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][55056] 
      not-detected: [..1619] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][55055] [Unknown][Unknown][Unrated]
              idle: [..1619] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][55055] 
-     not-detected: [...859] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.9999] [Unknown][Unknown][Unrated]
+          guessed: [...859] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
              idle: [...859] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.9999] 
           guessed: [...539] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][10000] [CiscoVPN][Unknown][VPN][Acceptable]
              idle: [...539] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][10000] 
diff --git a/test/results/flow-info/teams.pcap.out b/test/results/flow-info/teams.pcap.out
index cc3b24cdb..97e3986c5 100644
--- a/test/results/flow-info/teams.pcap.out
+++ b/test/results/flow-info/teams.pcap.out
@@ -64,17 +64,6 @@
                    [IATS(ms)....: 45.3,45.4,0.3,49.2,0.0,48.8,0.2,0.2,1.3,46.5,45.3,1.9,0.0,0.0,47.7,45.8,0.0,0.0,0.0,37.7,37.7,0.0,8.0,8.1,0.0,0.7,37.0,7.8,4.3,49.8,1.3]
                    [PKTLENS.....: 64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]
                    [ENTROPIES...: 4.3,5.2,5.0,6.0,7.3,7.7,5.1,7.3,5.0,6.0,5.7,5.1,7.8,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.8,5.1,5.2,5.2,7.5,5.0,5.3]
-          analyse: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] 
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.050|    0.005|    0.010|         94.878|   3.300]
-                   [PKTLEN......:    40.000| 1492.000|  416.000|  569.700|     324516.500|   3.800]
-                   [BINS(c->s)..: 8,1,2,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
-                   [BINS(s->c)..: 7,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,0,0,0,0,1,1,0,1,1,1,1,1]
-                   [IATS(ms)....: 11.4,11.5,0.2,11.3,2.8,0.1,13.8,0.1,0.1,0.1,0.0,0.1,4.8,15.5,11.8,1.3,0.0,0.2,0.0,0.3,0.2,0.0,0.1,10.9,0.0,10.4,1.7,0.2,0.0,50.4,0.0]
-                   [PKTLENS.....: 64,52,40,254,46,1492,1492,40,1492,40,1492,257,40,198,46,133,366,109,40,40,78,1480,1047,124,46,78,40,46,46,46,1492,1055]
-                   [ENTROPIES...: 4.4,4.9,4.6,5.5,4.5,7.3,7.4,4.7,7.5,4.6,7.6,7.1,4.7,6.5,4.5,6.1,7.2,5.9,4.7,4.6,5.1,7.9,7.8,6.1,4.5,5.4,4.6,4.6,4.6,4.5,7.8,7.8]
- detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
       ERROR-EVENT: Unknown packet type [8/16]
       ERROR-EVENT: Unknown packet type [9/16]
               new: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] 
@@ -234,7 +223,6 @@
               new: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] 
  detection-update: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
  detection-update: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
-                   RISK: Suspicious DNS Traffic
               new: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] 
          detected: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
  detection-update: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
@@ -470,7 +458,7 @@
              idle: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable]
               end: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] 
              idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
-             idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+             idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] 
              idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
              idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
                    RISK: TLS (probably) Not Carrying HTTPS
@@ -484,7 +472,6 @@
              idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
              idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
              idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
-                   RISK: Suspicious DNS Traffic
              idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable]
               end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
                    RISK: TLS (probably) Not Carrying HTTPS
diff --git a/test/results/flow-info/teamspeak3.pcap.out b/test/results/flow-info/teamspeak3.pcap.out
index ab95348c3..fce6c16c2 100644
--- a/test/results/flow-info/teamspeak3.pcap.out
+++ b/test/results/flow-info/teamspeak3.pcap.out
@@ -3,5 +3,356 @@
      DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
               new: [.....1] [ip4][..udp] [.......10.0.0.1][53187] -> [.......10.0.0.2][.9987] 
          detected: [.....1] [ip4][..udp] [.......10.0.0.1][53187] -> [.......10.0.0.2][.9987] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 13 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] 
+         detected: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
              idle: [.....1] [ip4][..udp] [.......10.0.0.1][53187] -> [.......10.0.0.2][.9987] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 21 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 25 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 2]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 33 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 4]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 41 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 6]
+          analyse: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+                                        min|      max|      avg|   stddev|       variance| entropy
+                   [IAT.........:     0.005|  600.181|  132.446|  380.876|145066403072.836|   3.800]
+                   [PKTLEN......:    32.000|   44.000|   40.000|    4.700|         22.000|   5.000]
+                   [BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
+                   [IATS(ms)....: 4.8,5.4,5.5,599973.1,599973.0,5.0,5.0,600080.5,600080.5,5.2,5.2,600089.7,600089.6,5.0,5.0,599897.6,599897.7,5.2,5.1,600181.0,600181.0,5.0,4.9,599984.8,599984.8,5.2,5.1,600152.3,600152.4,5.0,5.0]
+                   [PKTLENS.....: 32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42]
+                   [ENTROPIES...: 4.6,4.5,4.8,4.1,4.6,4.5,4.8,4.1,4.5,4.3,4.7,4.0,4.6,4.5,4.7,4.1,4.6,4.5,4.7,4.0,4.6,4.3,4.7,4.0,4.6,4.5,4.6,4.1,4.6,4.5,4.7,4.0]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 49 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 8]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 57 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 10]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 65 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 12]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 69 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 13]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 73 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 14]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 81 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 16]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 89 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 18]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 93 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 19]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 97 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 20]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 105 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 22]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 112 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 23]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 113 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 24]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 120 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 25]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 121 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 26]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 125 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 27]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 132 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 28]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 133 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 29]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 141 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 31]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 145 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 32]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 149 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 33]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 157 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 35]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 161 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 36]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 165 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 37]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 169 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 38]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 173 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 39]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 181 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 41]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 189 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 43]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 197 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 45]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 205 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 47]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 209 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 48]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 213 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 49]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 221 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 51]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 229 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 53]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 233 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 54]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 237 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 55]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 245 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 57]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 253 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 59]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 261 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 61]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 265 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 62]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 269 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 63]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 277 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 65]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 285 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 67]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 293 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 69]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 301 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 71]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 309 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 73]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 317 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 75]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 321 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 76]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 325 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 77]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 329 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 78]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 333 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 79]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 337 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 80]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 345 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 82]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 353 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 84]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 360 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 85]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 361 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 86]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 369 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 88]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 377 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 90]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 385 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 92]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 389 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 93]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 397 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 95]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 401 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 96]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 405 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 97]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 409 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 98]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 413 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 99]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 421 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 101]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 425 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 102]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 429 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 103]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 437 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 105]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 445 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 107]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 449 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 108]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 453 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 109]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 461 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 111]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 465 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 112]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 469 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 113]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 477 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 115]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 485 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 117]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 493 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 119]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 501 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 121]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 509 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 123]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 517 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 125]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 521 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 126]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 529 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 128]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 533 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 129]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 537 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 130]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 545 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 132]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 549 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 133]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 553 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 134]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 561 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 136]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 569 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 138]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 573 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 139]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 577 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 140]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 581 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 141]
+           update: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
+     DAEMON-EVENT: [Processed: 585 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 142]
+             idle: [.....2] [ip4][..udp] [...193.31.25.70][.2011] -> [...51.68.181.92][.2010] [TeamSpeak][Unknown][VoIP][Fun]
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/telegram.pcap.out b/test/results/flow-info/telegram.pcap.out
index 23d6b0949..65d660683 100644
--- a/test/results/flow-info/telegram.pcap.out
+++ b/test/results/flow-info/telegram.pcap.out
@@ -92,7 +92,6 @@
               new: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] 
          detected: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][www.googletagservices.com]
  detection-update: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][www.googletagservices.com]
-                   RISK: Suspicious DNS Traffic
           analyse: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480] 
                                         min|      max|      avg|   stddev|       variance| entropy
                    [IAT.........:     0.042|    1.999|    0.261|    0.473|     223426.380|   3.600]
@@ -117,7 +116,6 @@
               new: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] 
          detected: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][pixel.wp.com]
  detection-update: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][pixel.wp.com]
-                   RISK: Suspicious DNS Traffic
               new: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] 
          detected: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
  detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local]
@@ -184,7 +182,6 @@
  detection-update: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][e4518.dscx.akamaiedge.net]
  detection-update: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS.Dropbox][Unknown][Network][Acceptable][telemetry.dropbox.com]
              idle: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
-                   RISK: Suspicious DNS Traffic
              idle: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
              idle: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
              idle: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
@@ -196,7 +193,6 @@
              idle: [....24] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.16.4][..538] [Telegram][Telegram][Chat][Acceptable]
              idle: [....23] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.8][..538] [Telegram][Telegram][Chat][Acceptable]
              idle: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable]
-                   RISK: Suspicious DNS Traffic
              idle: [....18] [ip6][..udp] [...............fe80::4dc:edec:5b0c:a661][.5353] -> [...............................ff02::fb][.5353] 
              idle: [....10] [ip4][..udp] [...192.168.1.77][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
              idle: [....15] [ip4][..udp] [...192.168.1.75][57916] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
diff --git a/test/results/flow-info/tor.pcap.out b/test/results/flow-info/tor.pcap.out
index 0f001ff9c..f5e51f8b9 100644
--- a/test/results/flow-info/tor.pcap.out
+++ b/test/results/flow-info/tor.pcap.out
@@ -101,16 +101,6 @@
                    [PKTLENS.....: 52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]
                    [ENTROPIES...: 4.5,4.9,4.4,5.4,4.8,7.4,6.7,5.9,6.1,7.8,6.6,4.4,7.7,4.8,7.7,4.7,7.7,7.6,4.7,7.6,7.6,4.7,7.7,4.4,7.7,4.8,7.6,7.7,4.8,7.7,7.7,4.7]
       ERROR-EVENT: Unknown packet type [5/16]
-          analyse: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.755|    0.186|    0.164|      26767.544|   4.500]
-                   [PKTLEN......:    40.000| 1500.000|  337.400|  355.400|     126324.200|   4.200]
-                   [BINS(c->s)..: 5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-                   [BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,0]
-                   [IATS(ms)....: 143.9,144.3,0.7,149.5,37.2,196.0,163.6,154.0,192.3,56.2,0.2,255.1,2.1,152.8,143.9,143.9,44.6,192.1,147.6,608.5,755.3,145.5,149.4,149.8,132.7,281.6,155.0,87.8,477.2,367.8,127.5]
-                   [PKTLENS.....: 52,52,46,250,40,969,238,99,114,40,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,40,626,626,40,626,46,626,52]
-                   [ENTROPIES...: 4.6,4.8,4.4,5.3,4.8,7.6,6.9,5.9,6.1,4.9,7.9,6.4,4.3,7.7,4.7,7.7,4.8,7.6,7.7,4.8,7.6,7.6,4.9,7.6,4.8,7.7,7.6,4.9,7.6,4.5,7.6,4.7]
               end: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe]
                    RISK: Obsolete TLS (v1.1 or older)
              idle: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
@@ -142,7 +132,7 @@
               new: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547] 
          detected: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
            update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
-     DAEMON-EVENT: [Processed: 3664 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Processed: 1873 pkts][ZLib][compressions: 0|diff: 0 / 0]
      DAEMON-EVENT: [Flows][active: 6 / 11|skipped: 0|!detected: 0|guessed: 1|detection-updates: 7|updates: 5]
           analyse: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe]
                                         min|      max|      avg|   stddev|       variance| entropy
@@ -163,6 +153,6 @@
                    RISK: Obsolete TLS (v1.1 or older)
               end: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe]
                    RISK: Obsolete TLS (v1.1 or older)
-              end: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe]
+             idle: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe]
                    RISK: Obsolete TLS (v1.1 or older)
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/tplink_shp.pcap.out b/test/results/flow-info/tplink_shp.pcap.out
new file mode 100644
index 000000000..e72308fa9
--- /dev/null
+++ b/test/results/flow-info/tplink_shp.pcap.out
@@ -0,0 +1,305 @@
+     DAEMON-EVENT: init
+     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] 
+         detected: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+              new: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] 
+         detected: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+              new: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] 
+         detected: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+              new: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] 
+         detected: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+              new: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] 
+         detected: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+              new: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] 
+         detected: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+              new: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] 
+         detected: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+              new: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] 
+         detected: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+     DAEMON-EVENT: [Processed: 80 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 8 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 73]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+     DAEMON-EVENT: [Processed: 160 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 8 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 153]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+     DAEMON-EVENT: [Processed: 240 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 8 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 233]
+           update: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+           update: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+          analyse: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+                                        min|      max|      avg|   stddev|       variance| entropy
+                   [IAT.........:    59.941|   60.059|   60.014|    0.029|        831.284|   5.000]
+                   [PKTLEN......:    57.000|   57.000|   57.000|    0.000|          0.000|   5.000]
+                   [BINS(c->s)..: 32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [IATS(ms)....: 59981.5,60026.9,60033.5,60026.0,60019.4,60029.1,60007.9,59960.6,60018.5,60041.6,60007.8,60058.7,60009.9,59988.2,60032.8,60028.0,59999.0,60019.8,59971.9,60037.1,60038.4,59969.7,60047.5,60049.6,59970.5,60028.1,60020.9,60058.3,59941.0,60019.2,60000.5]
+                   [PKTLENS.....: 57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57]
+                   [ENTROPIES...: 5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0]
+          analyse: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+                                        min|      max|      avg|   stddev|       variance| entropy
+                   [IAT.........:    58.158|   62.682|   60.014|    0.762|     579959.128|   5.000]
+                   [PKTLEN......:    57.000|   57.000|   57.000|    0.000|          0.000|   5.000]
+                   [BINS(c->s)..: 32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [IATS(ms)....: 60006.9,59992.2,59988.1,60055.9,62042.4,58480.2,59529.0,59979.2,60022.4,59995.8,60040.1,60020.8,60008.8,60011.0,60032.3,59945.9,60060.7,59962.3,60043.9,60010.5,60018.3,62682.1,59182.3,58157.9,60047.2,60012.4,60002.5,60045.8,59979.5,60038.8,60049.7]
+                   [PKTLENS.....: 57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57]
+                   [ENTROPIES...: 5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0]
+          analyse: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+                                        min|      max|      avg|   stddev|       variance| entropy
+                   [IAT.........:    59.882|   60.106|   60.000|    0.033|       1108.379|   5.000]
+                   [PKTLEN......:    57.000|   57.000|   57.000|    0.000|          0.000|   5.000]
+                   [BINS(c->s)..: 32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [IATS(ms)....: 59993.2,60020.4,59991.0,59994.5,60003.7,60005.1,59991.4,60018.9,59983.3,60003.7,59994.5,59997.1,60003.7,59991.5,60013.3,59999.4,60003.1,59995.8,59988.2,60000.2,60004.2,60003.1,60004.0,59996.9,60008.0,60106.3,59882.0,60006.8,59993.7,60005.2,59999.8]
+                   [PKTLENS.....: 57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57]
+                   [ENTROPIES...: 5.2,5.2,5.2,5.2,5.2,5.2,5.2,5.2,5.2,5.1,5.2,5.2,5.2,5.2,5.2,5.2,5.1,5.1,5.2,5.2,5.2,5.1,5.2,5.2,5.2,5.2,5.2,5.2,5.1,5.2,5.2,5.2]
+             idle: [.....6] [ip4][..udp] [192.168.242.122][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....5] [ip4][..udp] [.192.168.242.98][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....3] [ip4][..udp] [.192.168.242.99][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....8] [ip4][..udp] [.192.168.242.33][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....7] [ip4][..udp] [.192.168.242.32][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....4] [ip4][..udp] [.192.168.242.38][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....2] [ip4][..udp] [.192.168.242.40][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....1] [ip4][..udp] [.192.168.242.41][.9999] -> [255.255.255.255][.9999] [TPLINK_SHP][Unknown][IoT-Scada][Acceptable]
+     DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/tumblr.pcap.out b/test/results/flow-info/tumblr.pcap.out
index cf9ce88e0..de2fc8a64 100644
--- a/test/results/flow-info/tumblr.pcap.out
+++ b/test/results/flow-info/tumblr.pcap.out
@@ -91,16 +91,6 @@
               new: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] 
          detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][Unknown][SocialNetwork][Fun][64.media.tumblr.com]
  detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][Unknown][SocialNetwork][Fun][64.media.tumblr.com]
-          analyse: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][Unknown][SocialNetwork][Fun]
-                                        min|      max|      avg|   stddev|       variance| entropy
-                   [IAT.........:     0.000|    0.070|    0.011|    0.020|        394.564|   3.100]
-                   [PKTLEN......:    72.000| 1472.000|  363.800|  486.500|     236637.800|   4.000]
-                   [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-                   [BINS(s->c)..: 6,1,0,1,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,4,0,0,0,0]
-                   [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,1,0,1,1,1,1,1,0,0,0]
-                   [IATS(ms)....: 22.6,22.7,0.4,30.7,24.8,0.0,0.0,0.0,54.9,0.0,0.0,0.0,0.0,0.0,1.5,0.2,0.1,59.7,70.2,0.0,0.0,28.6,37.1,0.5,0.0,0.0,0.0,0.0,0.5,0.0,0.0]
-                   [PKTLENS.....: 80,80,72,589,72,1472,1472,1368,1472,72,72,72,72,193,72,136,164,403,403,72,72,72,343,72,343,134,103,1472,408,72,72,72]
-                   [ENTROPIES...: 4.8,5.2,5.1,4.5,5.0,7.8,7.9,7.8,7.9,5.1,5.1,5.2,5.1,6.6,5.1,6.0,6.5,7.4,7.4,5.0,5.0,5.0,7.1,5.2,7.2,6.1,5.6,7.9,7.3,5.2,5.2,5.2]
               new: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [MIDSTREAM] 
               new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [MIDSTREAM] 
               new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49496] -> [...............2a00:1450:4007:815::2003][..443] [MIDSTREAM] 
@@ -229,7 +219,7 @@
              idle: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Unknown][Web][Safe]
           guessed: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57788] -> [...............2a00:1450:4007:80b::200e][..443] [TLS][Unknown][Web][Safe]
              idle: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57788] -> [...............2a00:1450:4007:80b::200e][..443] 
-             idle: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][Unknown][SocialNetwork][Fun]
+             idle: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] 
           guessed: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42674] -> [.....................64:ff9b::4a72:9a15][..443] [TLS][Unknown][Web][Safe]
              idle: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42674] -> [.....................64:ff9b::4a72:9a15][..443] 
           guessed: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45706] -> [...............2a00:1450:4007:80a::200e][..443] [TLS][Unknown][Web][Safe]
diff --git a/test/results/flow-info/tuya_lp.pcap.out b/test/results/flow-info/tuya_lp.pcap.out
new file mode 100644
index 000000000..49f886ee4
--- /dev/null
+++ b/test/results/flow-info/tuya_lp.pcap.out
@@ -0,0 +1,43 @@
+     DAEMON-EVENT: init
+     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....1] [ip4][..udp] [192.168.242.181][49154] -> [255.255.255.255][.6667] 
+         detected: [.....1] [ip4][..udp] [192.168.242.181][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [.....2] [ip4][..udp] [192.168.242.174][49154] -> [255.255.255.255][.6667] 
+         detected: [.....2] [ip4][..udp] [192.168.242.174][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [.....3] [ip4][..udp] [192.168.242.202][59727] -> [255.255.255.255][.6667] 
+         detected: [.....3] [ip4][..udp] [192.168.242.202][59727] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [.....4] [ip4][..udp] [192.168.242.177][49154] -> [255.255.255.255][.6667] 
+         detected: [.....4] [ip4][..udp] [192.168.242.177][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [.....5] [ip4][..udp] [192.168.242.170][49154] -> [255.255.255.255][.6667] 
+         detected: [.....5] [ip4][..udp] [192.168.242.170][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [.....6] [ip4][..udp] [192.168.242.179][49153] -> [255.255.255.255][.6667] 
+         detected: [.....6] [ip4][..udp] [192.168.242.179][49153] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [.....7] [ip4][..udp] [192.168.242.172][49154] -> [255.255.255.255][.6667] 
+         detected: [.....7] [ip4][..udp] [192.168.242.172][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [.....8] [ip4][..udp] [192.168.242.175][49154] -> [255.255.255.255][.6667] 
+         detected: [.....8] [ip4][..udp] [192.168.242.175][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [.....9] [ip4][..udp] [192.168.242.178][49154] -> [255.255.255.255][.6667] 
+         detected: [.....9] [ip4][..udp] [192.168.242.178][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [....10] [ip4][..udp] [192.168.242.180][49153] -> [255.255.255.255][.6667] 
+         detected: [....10] [ip4][..udp] [192.168.242.180][49153] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [....11] [ip4][..udp] [192.168.242.240][59727] -> [255.255.255.255][.6667] 
+         detected: [....11] [ip4][..udp] [192.168.242.240][59727] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [....12] [ip4][..udp] [192.168.242.234][59727] -> [255.255.255.255][.6667] 
+         detected: [....12] [ip4][..udp] [192.168.242.234][59727] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+              new: [....13] [ip4][..udp] [192.168.242.176][49154] -> [255.255.255.255][.6667] 
+         detected: [....13] [ip4][..udp] [192.168.242.176][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [....10] [ip4][..udp] [192.168.242.180][49153] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....6] [ip4][..udp] [192.168.242.179][49153] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....9] [ip4][..udp] [192.168.242.178][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [....13] [ip4][..udp] [192.168.242.176][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....8] [ip4][..udp] [192.168.242.175][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....4] [ip4][..udp] [192.168.242.177][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....7] [ip4][..udp] [192.168.242.172][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....5] [ip4][..udp] [192.168.242.170][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....2] [ip4][..udp] [192.168.242.174][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....1] [ip4][..udp] [192.168.242.181][49154] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [....12] [ip4][..udp] [192.168.242.234][59727] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [....11] [ip4][..udp] [192.168.242.240][59727] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+             idle: [.....3] [ip4][..udp] [192.168.242.202][59727] -> [255.255.255.255][.6667] [TuyaLP][Unknown][IoT-Scada][Acceptable]
+     DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/viber.pcap.out b/test/results/flow-info/viber.pcap.out
index f91c1b89d..9b6583702 100644
--- a/test/results/flow-info/viber.pcap.out
+++ b/test/results/flow-info/viber.pcap.out
@@ -121,7 +121,7 @@
          detected: [....27] [ip4][..tcp] [..192.168.2.100][48690] -> [...52.0.252.145][.4244] [Viber][Viber][VoIP][Fun]
               end: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] 
               end: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] [TLS][AmazonAWS][Web][Safe]
-     not-detected: [....11] [ip4][..udp] [...192.168.0.17][41993] -> [.172.217.23.106][..443] [Unknown][Google][Unrated]
+          guessed: [....11] [ip4][..udp] [...192.168.0.17][41993] -> [.172.217.23.106][..443] [QUIC][Google][Web][Acceptable]
              idle: [....11] [ip4][..udp] [...192.168.0.17][41993] -> [.172.217.23.106][..443] 
              idle: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][AmazonAWS][VoIP][Fun]
              idle: [....20] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7987] [Viber][AmazonAWS][VoIP][Fun]
@@ -149,11 +149,11 @@
               end: [....22] [ip4][..tcp] [...192.168.0.17][33744] -> [.....18.201.4.3][..443] 
              idle: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS.Viber][Unknown][Network][Fun]
      DAEMON-EVENT: [Processed: 435 pkts][ZLib][compressions: 0|diff: 0 / 0]
-     DAEMON-EVENT: [Flows][active: 1 / 27|skipped: 0|!detected: 1|guessed: 3|detection-updates: 20|updates: 4]
+     DAEMON-EVENT: [Flows][active: 1 / 27|skipped: 0|!detected: 0|guessed: 4|detection-updates: 20|updates: 4]
               new: [....28] [ip4][..tcp] [..192.168.2.100][41184] -> [.....52.0.252.2][.5242] 
          detected: [....28] [ip4][..tcp] [..192.168.2.100][41184] -> [.....52.0.252.2][.5242] [Viber][Viber][VoIP][Fun]
      DAEMON-EVENT: [Processed: 446 pkts][ZLib][compressions: 0|diff: 0 / 0]
-     DAEMON-EVENT: [Flows][active: 2 / 28|skipped: 0|!detected: 1|guessed: 3|detection-updates: 20|updates: 4]
+     DAEMON-EVENT: [Flows][active: 2 / 28|skipped: 0|!detected: 0|guessed: 4|detection-updates: 20|updates: 4]
               new: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [MIDSTREAM] 
          detected: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [Viber][AmazonAWS][VoIP][Fun]
              idle: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [Viber][AmazonAWS][VoIP][Fun]
diff --git a/test/results/flow-info/weibo.pcap.out b/test/results/flow-info/weibo.pcap.out
index 59af47738..f43e788b3 100644
--- a/test/results/flow-info/weibo.pcap.out
+++ b/test/results/flow-info/weibo.pcap.out
@@ -35,7 +35,6 @@
               new: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] 
          detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][img.t.sinajs.cn]
  detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][img.t.sinajs.cn]
-                   RISK: Suspicious DNS Traffic
               new: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] 
               new: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] 
               new: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] 
@@ -179,7 +178,6 @@
           guessed: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] [TLS][Unknown][Web][Safe]
              idle: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] 
              idle: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun]
-                   RISK: Suspicious DNS Traffic
              idle: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun]
              idle: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] 
           guessed: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [TLS][Google][Web][Safe]
@@ -192,7 +190,7 @@
              idle: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443] 
              idle: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun]
              idle: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
-     not-detected: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] [Unknown][Google][Unrated]
+          guessed: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] [QUIC][Google][Web][Acceptable]
              idle: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] 
               end: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP][Unknown][Web][Acceptable]
           guessed: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80] [HTTP][Unknown][Web][Acceptable][]
@@ -201,7 +199,7 @@
              idle: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80] 
           guessed: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] [TLS][Google][Web][Safe]
              idle: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] 
-     not-detected: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443] [Unknown][Google][Unrated]
+          guessed: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443] [QUIC][Google][Web][Acceptable]
              idle: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443] 
              idle: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] 
              idle: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
diff --git a/test/results/flow-info/wow.pcap.out b/test/results/flow-info/wow.pcap.out
index 8c790cf3c..c9efd1b34 100644
--- a/test/results/flow-info/wow.pcap.out
+++ b/test/results/flow-info/wow.pcap.out
@@ -5,17 +5,23 @@
               new: [.....2] [ip4][..tcp] [.192.168.178.20][39312] -> [...24.105.29.21][...80] 
          detected: [.....1] [ip4][..tcp] [.192.168.178.20][39309] -> [..12.129.222.53][...80] [HTTP.WorldOfWarcraft][Unknown][Game][Fun][us.scan.worldofwarcraft.com]
          detected: [.....2] [ip4][..tcp] [.192.168.178.20][39312] -> [...24.105.29.21][...80] [HTTP.WorldOfWarcraft][Starcraft][Game][Fun][launcher.worldofwarcraft.com]
+ detection-update: [.....1] [ip4][..tcp] [.192.168.178.20][39309] -> [..12.129.222.53][...80] [HTTP.WorldOfWarcraft][Unknown][Game][Fun][us.scan.worldofwarcraft.com]
+                   RISK: HTTP Suspicious User-Agent
+ detection-update: [.....2] [ip4][..tcp] [.192.168.178.20][39312] -> [...24.105.29.21][...80] [HTTP.WorldOfWarcraft][Starcraft][Game][Fun][launcher.worldofwarcraft.com]
+                   RISK: HTTP Suspicious User-Agent
               new: [.....3] [ip4][..tcp] [.192.168.178.20][39329] -> [.12.129.228.153][.3724] 
          detected: [.....3] [ip4][..tcp] [.192.168.178.20][39329] -> [.12.129.228.153][.3724] [WorldOfWarcraft][Unknown][Game][Fun]
               new: [.....4] [ip4][..tcp] [.192.168.178.20][39364] -> [.12.129.228.153][.3724] 
          detected: [.....4] [ip4][..tcp] [.192.168.178.20][39364] -> [.12.129.228.153][.3724] [WorldOfWarcraft][Unknown][Game][Fun]
      DAEMON-EVENT: [Processed: 82 pkts][ZLib][compressions: 0|diff: 0 / 0]
-     DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+     DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0]
               new: [.....5] [ip4][..tcp] [.192.168.178.20][39593] -> [.12.129.228.152][.3724] 
          detected: [.....5] [ip4][..tcp] [.192.168.178.20][39593] -> [.12.129.228.152][.3724] [WorldOfWarcraft][Unknown][Game][Fun]
              idle: [.....3] [ip4][..tcp] [.192.168.178.20][39329] -> [.12.129.228.153][.3724] [WorldOfWarcraft][Unknown][Game][Fun]
              idle: [.....4] [ip4][..tcp] [.192.168.178.20][39364] -> [.12.129.228.153][.3724] [WorldOfWarcraft][Unknown][Game][Fun]
              idle: [.....5] [ip4][..tcp] [.192.168.178.20][39593] -> [.12.129.228.152][.3724] [WorldOfWarcraft][Unknown][Game][Fun]
               end: [.....1] [ip4][..tcp] [.192.168.178.20][39309] -> [..12.129.222.53][...80] [HTTP.WorldOfWarcraft][Unknown][Game][Fun]
+                   RISK: HTTP Suspicious User-Agent
               end: [.....2] [ip4][..tcp] [.192.168.178.20][39312] -> [...24.105.29.21][...80] [HTTP.WorldOfWarcraft][Starcraft][Game][Fun]
+                   RISK: HTTP Suspicious User-Agent
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/zoom.pcap.out b/test/results/flow-info/zoom.pcap.out
index 27a394823..db2c95518 100644
--- a/test/results/flow-info/zoom.pcap.out
+++ b/test/results/flow-info/zoom.pcap.out
@@ -30,13 +30,13 @@
               new: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> [..13.225.84.182][..443] [MIDSTREAM] 
          detected: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Zoom][Video][Acceptable][log.zoom.us]
               new: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] 
+         detected: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
  detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Zoom][Video][Acceptable][log.zoom.us]
  detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Zoom][Video][Acceptable][log.zoom.us]
-         detected: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] [STUN][Zoom][Network][Acceptable][]
               new: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] 
-         detected: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] [STUN][Zoom][Network][Acceptable][]
+         detected: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
               new: [....14] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3479] 
-         detected: [....14] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3479] [STUN][Zoom][Network][Acceptable][]
+         detected: [....14] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3479] [STUN.Zoom][Zoom][Video][Acceptable][]
                    RISK: Known Proto on Non Std Port
               new: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80] [MIDSTREAM] 
               new: [....16] [ip4][..tcp] [..192.168.1.117][53872] -> [..35.186.224.53][..443] [MIDSTREAM] 
@@ -156,9 +156,9 @@
              idle: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] 
              idle: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] 
              idle: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Zoom][Video][Acceptable]
-             idle: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] [STUN][Zoom][Network][Acceptable]
-             idle: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] [STUN][Zoom][Network][Acceptable]
-             idle: [....14] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3479] [STUN][Zoom][Network][Acceptable]
+             idle: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+             idle: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+             idle: [....14] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3479] [STUN.Zoom][Zoom][Video][Acceptable]
                    RISK: Known Proto on Non Std Port
              idle: [.....2] [ip4][..udp] [..192.168.1.117][.5353] -> [....224.0.0.251][.5353] 
              idle: [....22] [ip4][..udp] [..192.168.1.117][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
diff --git a/test/results/flow-info/zoom2.pcap.out b/test/results/flow-info/zoom2.pcap.out
index f707d4c6d..871a30cae 100644
--- a/test/results/flow-info/zoom2.pcap.out
+++ b/test/results/flow-info/zoom2.pcap.out
@@ -19,7 +19,8 @@
                    [PKTLENS.....: 64,60,52,569,52,1492,1492,1268,814,52,52,52,52,178,103,52,208,127,52,1492,767,52,1492,442,52,200,52,102,1330,52,1330,256]
                    [ENTROPIES...: 4.3,5.2,5.1,4.4,5.1,7.2,7.4,7.5,7.6,5.0,5.0,5.0,5.0,6.5,5.8,4.9,6.8,6.3,5.0,7.9,7.7,5.1,7.9,7.5,5.0,6.7,5.0,6.0,7.9,5.0,7.9,6.9]
               new: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] 
-          analyse: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] 
+         detected: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [RTP.Zoom][Zoom][Video][Acceptable]
+          analyse: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [RTP.Zoom][Zoom][Video][Acceptable]
                                         min|      max|      avg|   stddev|       variance| entropy
                    [IAT.........:     0.000|    0.167|    0.025|    0.040|       1639.456|   3.600]
                    [PKTLEN......:    46.000| 1064.000|  704.700|  464.600|     215864.300|   4.600]
@@ -29,11 +30,11 @@
                    [IATS(ms)....: 101.4,166.6,0.0,73.0,12.3,100.4,0.0,101.8,73.0,11.9,4.9,10.9,10.5,10.1,0.2,9.2,10.4,10.3,11.4,0.0,0.3,9.4,8.6,5.4,4.9,0.1,10.8,10.0,10.5,9.4,0.2]
                    [PKTLENS.....: 151,151,72,46,156,156,72,46,156,88,88,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,88,1064,1064,1064,1064,1064,1064,1064]
                    [ENTROPIES...: 5.8,5.8,4.9,4.2,5.4,5.6,4.8,4.3,5.6,4.7,4.7,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,4.8,0.6,0.6,0.6,0.6,0.6,0.6,0.6]
-          guessed: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
-         detected: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
               new: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] 
               new: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] 
-          analyse: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] 
+         detected: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [RTP.Zoom][Zoom][Video][Acceptable]
+         detected: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [RTP.Zoom][Zoom][Video][Acceptable]
+          analyse: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [RTP.Zoom][Zoom][Video][Acceptable]
                                         min|      max|      avg|   stddev|       variance| entropy
                    [IAT.........:     0.000|    0.176|    0.043|    0.049|       2389.122|   4.100]
                    [PKTLEN......:    46.000|  189.000|  129.000|   35.800|       1279.800|   4.900]
@@ -43,9 +44,7 @@
                    [IATS(ms)....: 98.5,176.4,0.1,85.5,9.5,94.8,0.0,99.9,94.2,12.3,1.9,12.4,20.6,17.0,20.1,168.4,18.0,3.6,10.9,10.3,19.4,32.1,20.9,115.3,0.0,17.8,18.7,20.1,20.2,21.5,85.5]
                    [PKTLENS.....: 151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116]
                    [ENTROPIES...: 5.8,5.8,4.9,4.4,5.6,5.6,4.8,4.4,5.5,4.7,4.7,6.0,6.0,5.9,5.8,5.7,5.1,4.7,5.8,4.7,5.7,5.7,5.6,5.6,6.0,6.2,5.3,5.7,5.7,5.7,5.7,5.2]
-          guessed: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
-         detected: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
-          analyse: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] 
+          analyse: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [RTP.Zoom][Zoom][Video][Acceptable]
                                         min|      max|      avg|   stddev|       variance| entropy
                    [IAT.........:     0.000|    0.188|    0.047|    0.043|       1844.784|   4.300]
                    [PKTLEN......:    46.000|  171.000|   91.100|   44.600|       1993.400|   4.800]
@@ -55,14 +54,12 @@
                    [IATS(ms)....: 102.1,187.6,0.0,105.6,0.1,93.5,0.0,87.6,70.7,0.1,106.0,0.0,21.5,32.8,59.0,0.0,48.4,5.5,49.5,50.2,0.0,0.0,55.2,45.7,56.3,52.4,0.0,59.8,52.1,47.7,58.6]
                    [PKTLENS.....: 153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55]
                    [ENTROPIES...: 5.8,5.9,4.8,4.3,5.5,5.5,4.8,4.4,5.6,5.5,5.6,4.4,4.5,3.6,3.9,5.5,3.6,3.9,4.5,3.7,4.5,4.5,3.9,3.7,4.0,3.7,4.5,3.9,3.7,3.9,3.9,3.7]
-          guessed: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
-         detected: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
               new: [.....5] [ip4][.icmp] [..192.168.1.178] -> [.144.195.73.154] 
          detected: [.....5] [ip4][.icmp] [..192.168.1.178] -> [.144.195.73.154] [ICMP][Zoom][Network][Acceptable]
-             idle: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
+             idle: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [RTP.Zoom][Zoom][Video][Acceptable]
               end: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Zoom][Video][Acceptable]
                    RISK: TLS (probably) Not Carrying HTTPS
-             idle: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
-             idle: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
+             idle: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [RTP.Zoom][Zoom][Video][Acceptable]
+             idle: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [RTP.Zoom][Zoom][Video][Acceptable]
              idle: [.....5] [ip4][.icmp] [..192.168.1.178] -> [.144.195.73.154] [ICMP][Zoom][Network][Acceptable]
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/zoom_p2p.pcapng.out b/test/results/flow-info/zoom_p2p.pcapng.out
new file mode 100644
index 000000000..1b20d0107
--- /dev/null
+++ b/test/results/flow-info/zoom_p2p.pcapng.out
@@ -0,0 +1,113 @@
+     DAEMON-EVENT: init
+     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] 
+         detected: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+              new: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] 
+         detected: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
+           update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+           update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] 
+           update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+           update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] 
+              new: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] 
+         detected: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
+              new: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] 
+         detected: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
+              new: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] 
+         detected: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+           update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+              new: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] 
+           update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+           update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] 
+              new: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] 
+          analyse: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] 
+                                        min|      max|      avg|   stddev|       variance| entropy
+                   [IAT.........:     0.000|    0.089|    0.026|    0.021|        430.173|   4.500]
+                   [PKTLEN......:   113.000| 1277.000|  673.700|  485.600|     235788.400|   4.500]
+                   [BINS(c->s)..: 0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,1,0,0,0,0,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,1,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0]
+                   [IATS(ms)....: 8.4,10.2,12.0,0.1,14.3,5.0,17.5,37.3,28.4,52.5,29.0,88.6,0.2,71.3,10.8,22.4,0.1,28.5,48.7,32.5,39.0,13.4,0.2,30.2,24.5,22.8,31.8,53.4,31.8,40.1,10.0]
+                   [PKTLENS.....: 113,113,113,113,113,113,113,113,113,113,113,1246,1056,1056,1246,800,1245,119,1245,800,800,1245,800,799,118,831,1245,1277,1043,1043,1257,1043]
+                   [ENTROPIES...: 4.9,4.8,4.8,4.9,4.9,4.8,4.8,4.9,4.8,4.8,4.8,7.8,0.5,0.5,7.8,7.7,7.8,5.8,7.8,7.7,7.7,7.8,7.7,7.7,5.8,7.7,7.8,7.8,7.8,7.8,7.8,7.8]
+          guessed: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable]
+         detected: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable]
+           update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+           update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+           update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+           update: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] 
+           update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+           update: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable]
+           update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] 
+           update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+           update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+           update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+             idle: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+           update: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] 
+           update: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable]
+           update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] 
+           update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+           update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+             idle: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] 
+           update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+          guessed: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] [Zoom][Unknown][Video][Acceptable]
+             idle: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] 
+             idle: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable]
+             idle: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+             idle: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+              new: [.....8] [ip4][..udp] [.192.168.12.156][49579] -> [.206.247.10.253][.3478] 
+         detected: [.....8] [ip4][..udp] [.192.168.12.156][49579] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
+              new: [.....9] [ip4][..udp] [.192.168.12.156][42208] -> [.206.247.10.253][.3478] 
+         detected: [.....9] [ip4][..udp] [.192.168.12.156][42208] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
+              new: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] 
+         detected: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+              new: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] 
+         detected: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
+           update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+          analyse: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+                                        min|      max|      avg|   stddev|       variance| entropy
+                   [IAT.........:     0.000|    2.031|    0.974|    1.005|    1010541.658|   3.900]
+                   [PKTLEN......:   100.000|  100.000|  100.000|    0.000|          0.000|   5.000]
+                   [BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [IATS(ms)....: 0.0,2023.3,0.0,2021.5,0.0,2008.4,0.0,2013.5,0.0,1994.8,0.0,2022.5,0.0,1990.7,0.1,2022.2,0.0,2022.0,0.1,1995.4,0.0,2020.2,0.0,2002.2,3.1,1996.9,3.1,2014.1,0.0,2030.9,0.0]
+                   [PKTLENS.....: 100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100]
+                   [ENTROPIES...: 5.4,5.3,5.2,5.3,5.4,5.3,5.4,5.3,5.4,5.3,5.3,5.4,5.3,5.3,5.3,5.4,5.3,5.4,5.3,5.3,5.3,5.3,5.3,5.3,5.4,5.3,5.3,5.4,5.4,5.3,5.4,5.3]
+              new: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] 
+              new: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] 
+           update: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+          analyse: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] 
+                                        min|      max|      avg|   stddev|       variance| entropy
+                   [IAT.........:     0.000|    0.052|    0.013|    0.016|        253.890|   4.000]
+                   [PKTLEN......:   112.000|  112.000|  112.000|    0.000|          0.000|   5.000]
+                   [BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [IATS(ms)....: 0.2,27.3,11.2,7.7,6.8,1.5,0.1,13.3,6.9,1.7,40.5,0.2,15.5,0.6,33.3,0.2,50.8,0.4,5.9,5.7,52.3,0.4,7.2,2.3,22.7,0.2,31.0,0.2,40.9,0.2,22.6]
+                   [PKTLENS.....: 112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112]
+                   [ENTROPIES...: 5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0]
+          guessed: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] [Zoom][Unknown][Video][Acceptable]
+         detected: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] [Zoom][Unknown][Video][Acceptable]
+          analyse: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] 
+                                        min|      max|      avg|   stddev|       variance| entropy
+                   [IAT.........:     0.000|    0.055|    0.027|    0.014|        209.331|   4.700]
+                   [PKTLEN......:   112.000|  112.000|  112.000|    0.000|          0.000|   5.000]
+                   [BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [IATS(ms)....: 23.8,0.3,29.8,1.6,40.5,0.5,22.7,46.4,8.7,38.1,43.6,20.5,19.3,34.0,24.4,41.5,21.1,25.0,31.1,47.2,23.8,22.9,54.8,6.0,45.0,14.9,26.8,31.6,48.3,23.8,18.7]
+                   [PKTLENS.....: 112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112]
+                   [ENTROPIES...: 4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9]
+          guessed: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable]
+         detected: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable]
+             idle: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+             idle: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable]
+             idle: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+             idle: [.....9] [ip4][..udp] [.192.168.12.156][42208] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+             idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] 
+             idle: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] [Zoom][Unknown][Video][Acceptable]
+             idle: [.....8] [ip4][..udp] [.192.168.12.156][49579] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+     DAEMON-EVENT: shutdown
diff --git a/test/results/forticlient.pcap.out b/test/results/forticlient.pcap.out
index f85641f03..cedf21eca 100644
--- a/test/results/forticlient.pcap.out
+++ b/test/results/forticlient.pcap.out
@@ -60,9 +60,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6523605 bytes
-~~ total memory freed........: 6523605 bytes
-~~ total allocations/frees...: 124515/124515
+~~ total memory allocated....: 6528542 bytes
+~~ total memory freed........: 6528542 bytes
+~~ total allocations/frees...: 124525/124525
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 496 chars
 ~~ json string max len.......: 2436 chars
diff --git a/test/results/ftp-start-tls.pcap.out b/test/results/ftp-start-tls.pcap.out
index 61b1115a5..a92a6b062 100644
--- a/test/results/ftp-start-tls.pcap.out
+++ b/test/results/ftp-start-tls.pcap.out
@@ -22,9 +22,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6419584 bytes
-~~ total memory freed........: 6419584 bytes
-~~ total allocations/frees...: 122495/122495
+~~ total memory allocated....: 6424489 bytes
+~~ total memory freed........: 6424489 bytes
+~~ total allocations/frees...: 122505/122505
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 1929 chars
diff --git a/test/results/ftp.pcap.out b/test/results/ftp.pcap.out
index bf0269b44..72635f565 100644
--- a/test/results/ftp.pcap.out
+++ b/test/results/ftp.pcap.out
@@ -35,9 +35,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6456089 bytes
-~~ total memory freed........: 6456089 bytes
-~~ total allocations/frees...: 123654/123654
+~~ total memory allocated....: 6461010 bytes
+~~ total memory freed........: 6461010 bytes
+~~ total allocations/frees...: 123664/123664
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2431 chars
diff --git a/test/results/ftp_failed.pcap.out b/test/results/ftp_failed.pcap.out
index 39f72d4f4..18eb604c7 100644
--- a/test/results/ftp_failed.pcap.out
+++ b/test/results/ftp_failed.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414343 bytes
-~~ total memory freed........: 6414343 bytes
-~~ total allocations/frees...: 122456/122456
+~~ total memory allocated....: 6419248 bytes
+~~ total memory freed........: 6419248 bytes
+~~ total allocations/frees...: 122466/122466
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 1104 chars
diff --git a/test/results/fuzz-2006-06-26-2594.pcap.out b/test/results/fuzz-2006-06-26-2594.pcap.out
index 75fe7de6d..2abb95da3 100644
--- a/test/results/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/fuzz-2006-06-26-2594.pcap.out
@@ -97,7 +97,7 @@
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469633828778,"flow_idle_time":200000000,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1120469633828778,"pkt":"ADBUADRWEODtAW69CABFAAA9aasAAIARTbHAqAECwKgBAQqfADUAKUpe7dQBAAABAAAAAAAAA2Z0cAdlY2l0ZWxlA2NvbQAAAQAB"}
 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469633828778,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469633828778,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469633828778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ftp.ecitele.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469634840520,"flow_idle_time":200000000,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1120469634840520,"pkt":"AODtAW69ADBUADRWCABFAACaAABAAEARtv\/AqAEBwKgBAgA1Cp8Ahtfh7dSBgAABAAKzAgABA2Z0cLxlY2l0ZexlA2NvbQAAAQABwAwABQABAAAC9QAGA2Ruc8AQwC0AAQABAAAAIQAEk+oB\/cAQAAIAAQAAA0MAEQJucwViYXJhawNuZXQCaWwAwBAAAgABAAADQwACwC3ATwABAGoAAAARAATUljCp"}
-01166{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120469633828778,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469634840520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1120469634840520,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"147.234.1.253"}}}
+01160{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120469633828778,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469634840520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1120469634840520,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469634878338,"flow_src_last_pkt_time":1120469634878338,"flow_dst_last_pkt_time":1120469634878338,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469634878338,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1120469634878338,"flow_dst_last_pkt_time":1120469634878338,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1120469634878338,"pkt":"ADBUAHNWAODtAW69CABFAAAwaaxAAIAGOYrAqAECk+oB\/QqgABWvnVkPAABkAHACQABuKwAAAgQFtAEBBAI="}
 00298{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469634896583,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120469634896583}
@@ -187,7 +187,7 @@
 01063{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120469664171980,"flow_src_last_pkt_time":1120469680185381,"flow_dst_last_pkt_time":1120469664171980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469680185381,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469680186878,"flow_src_last_pkt_time":1120469680186878,"flow_dst_last_pkt_time":1120469680186878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469680186878,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1120469680186878,"flow_dst_last_pkt_time":1120469680186878,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120469680186878,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CqMAR8XBQdaAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRzBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469680186878,"flow_src_last_pkt_time":1120469680186878,"flow_dst_last_pkt_time":1120469680186878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469680186878,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-adds.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10000,"rsp_addr":"0.0.0.0"}}}
+01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469680186878,"flow_src_last_pkt_time":1120469680186878,"flow_dst_last_pkt_time":1120469680186878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469680186878,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-adds.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 01112{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1120469590455801,"flow_dst_last_pkt_time":1120469680188467,"flow_idle_time":200000000,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1120469680188467,"pkt":"ADBUADRWAODtAW69CABFAAHvac4AAIARF3DAqAEC1PIhIxPEE8QB29MsUkVHSVN0RVIgcGlwOnNpcC5jeWJlcmO3dHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4DjEuMjticmFuY2g9ejloRzRiS24lcwAwNTIwMTk5LTQ4OWQ1MjBmMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAw2lwLnB5YmVyY2l0eS5kaz47dGFnPTg2MDJiMTQNClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlGOiA1NzgyMjI3MjktNGs2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9OWM3ZDJkYmQ4ODIyMDEzYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDcwIFJFR0lTVEVSDQpDb25mZW50LUxlbmd0aDogMA0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KDQo="}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1120469680330692,"flow_dst_last_pkt_time":1120469680188467,"flow_idle_time":200000000,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_usec":1120469680330692,"pkt":"AODtAW69ADBUADRWCABFAAICAABAADcRiivU8iEjwKgBAhPEE8QB7uWqU0lQLzIuMCA0MDEgVW5hdXRob3JpJXMADQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3MCBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9ODYwMmIxNA0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDg5LTE3MDFiMDUwLTYxYWM0Yzk0Mw0KVmlhOiBTSVAvMi4wL1UlcwAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbiVzAHo5aEc0YktucDE0MDUyMDE5OS00ODlkNTMwZjE5Mi4xNjguMS4yDQpXV1ctQXV0aGVudGljYXRlOiBEaWdlc3QgcmVhbG09InNpcC5jeWJlcmdpdHkuZGsiLG5vbmNlPSIxNzAxYjA0MjA3M2U0MGRjM2FjN2FkYjA1MmFkNDFkIixvU2FxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFsc2UsYWxnb3JpdGhtPU1ENQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469680447016,"flow_src_last_pkt_time":1120469680447016,"flow_dst_last_pkt_time":1120469680447016,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469680447016,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":9587,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -306,7 +306,7 @@
 01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469847666186,"flow_src_last_pkt_time":1120469847666186,"flow_dst_last_pkt_time":1120469847666186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469847666186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.115.1","src_port":2733,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arqa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469847667702,"flow_src_last_pkt_time":1120469847667702,"flow_dst_last_pkt_time":1120469847667702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469847667702,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1120469847667702,"flow_dst_last_pkt_time":1120469847667702,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120469847667702,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0ARz61yNiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwmEb2NhbGhvc3QA"}
-01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469847667702,"flow_src_last_pkt_time":1120469847667702,"flow_dst_last_pkt_time":1120469847667702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469847667702,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10000,"rsp_addr":"0.0.0.0"}}}
+01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469847667702,"flow_src_last_pkt_time":1120469847667702,"flow_dst_last_pkt_time":1120469847667702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469847667702,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00738{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469847669186,"flow_src_last_pkt_time":1120469847669186,"flow_dst_last_pkt_time":1120469847669186,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":475,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":475,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469847669186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":120,"flow_datalink":1,"flow_max_packets":5}
 01112{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1120469847669186,"flow_dst_last_pkt_time":1120469847669186,"flow_idle_time":620000000,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1120469847669186,"pkt":"ADBUADRWAODtAVK9CABFAAHvaiZJAIB4FxjAqAEC1PIhIxPEE8QB25tyUkVmSVNURVIgc2lZOnNpcC5jeWJlckdpdHkyZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTZxJXMAMjticmFuY2g9ejloRzRiS25wMTIzNzU5MDYzLTQ2NGJjMWJiMTkyLjE2OC4xLjI7cpdvcnQNaUZyb206IDxzaXA6dm9pMTgwNjJAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTc2MDY5ZTQNClRvOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHkuZGs+QwpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469847979011,"flow_src_last_pkt_time":1120469847979011,"flow_dst_last_pkt_time":1120469847979011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469847979011,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -326,7 +326,7 @@
 01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469864991331,"flow_src_last_pkt_time":1120469864991331,"flow_dst_last_pkt_time":1120469864991331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469864991331,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-adds.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469864992832,"flow_src_last_pkt_time":1120469864992832,"flow_dst_last_pkt_time":1120469864992832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469864992832,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1120469864992832,"flow_dst_last_pkt_time":1120469864992832,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120469864992832,"pkt":"AODzAW69ADBUADRWCABFAABbAABAAEARtz79qAEBwKgBAgA1Cq8ARxOw89uAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469864992832,"flow_src_last_pkt_time":1120469864992832,"flow_dst_last_pkt_time":1120469864992832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469864992832,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10000,"rsp_addr":"0.0.0.0"}}}
+01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469864992832,"flow_src_last_pkt_time":1120469864992832,"flow_dst_last_pkt_time":1120469864992832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469864992832,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00855{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469680447016,"flow_src_last_pkt_time":1120469680447016,"flow_dst_last_pkt_time":1120469680447016,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469865145161,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":9587,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00768{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469680447016,"flow_src_last_pkt_time":1120469680447016,"flow_dst_last_pkt_time":1120469680447016,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469865145161,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":9587,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00767{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120469664171980,"flow_src_last_pkt_time":1120469680185381,"flow_dst_last_pkt_time":1120469664171980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469865145161,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -410,7 +410,7 @@
 01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469973957831,"flow_src_last_pkt_time":1120469973957831,"flow_dst_last_pkt_time":1120469973957831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469973957831,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469973959320,"flow_src_last_pkt_time":1120469973959320,"flow_dst_last_pkt_time":1120469973959320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469973959320,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1120469973959320,"flow_dst_last_pkt_time":1120469973959320,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120469973959320,"pkt":"YuDtAW69ADBUADRWCABFAABbAABAAEARtz7AqIIBwKgBAgA1CrUAR9PFM8CAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469973959320,"flow_src_last_pkt_time":1120469973959320,"flow_dst_last_pkt_time":1120469973959320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469973959320,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10000,"rsp_addr":"0.0.0.0"}}}
+01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469973959320,"flow_src_last_pkt_time":1120469973959320,"flow_dst_last_pkt_time":1120469973959320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469973959320,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00768{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":194,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469922894014,"flow_src_last_pkt_time":1120469922894014,"flow_dst_last_pkt_time":1120469922894014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469973960445,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00769{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":194,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469921898259,"flow_src_last_pkt_time":1120469930905493,"flow_dst_last_pkt_time":1120469921898259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469973960445,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00769{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":194,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469924897763,"flow_src_last_pkt_time":1120469924897763,"flow_dst_last_pkt_time":1120469924897763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469973960445,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -476,7 +476,7 @@
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1120470032081813,"flow_dst_last_pkt_time":1120470032081813,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470032081813,"pkt":"ADBUADRWAODtAW69CABFAABEamYAAIARTO\/AqAGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470032083301,"flow_src_last_pkt_time":1120470032083301,"flow_dst_last_pkt_time":1120470032083301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470032083301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1120470032083301,"flow_dst_last_pkt_time":1120470032083301,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470032083301,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CrkARxK+9MOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAfRAACwlsb2NhbGhvc3QA"}
-01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470032083301,"flow_src_last_pkt_time":1120470032083301,"flow_dst_last_pkt_time":1120470032083301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470032083301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":32016,"rsp_addr":"0.0.0.0"}}}
+01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470032083301,"flow_src_last_pkt_time":1120470032083301,"flow_dst_last_pkt_time":1120470032083301,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470032083301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470032178937,"flow_src_last_pkt_time":1120470032178937,"flow_dst_last_pkt_time":1120470032178937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470032178937,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1120470032178937,"flow_dst_last_pkt_time":1120470032178937,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470032178937,"pkt":"ADBUADRWAODtAW69CABFAABIO2gAAIARTOnAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhIAE="}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470032178937,"flow_src_last_pkt_time":1120470032178937,"flow_dst_last_pkt_time":1120470032178937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470032178937,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.voip.brujula.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -508,7 +508,7 @@
 01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049185972,"flow_src_last_pkt_time":1120470049185972,"flow_dst_last_pkt_time":1120470049185972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049185972,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049187466,"flow_src_last_pkt_time":1120470049187466,"flow_dst_last_pkt_time":1120470049187466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049187466,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1120470049187466,"flow_dst_last_pkt_time":1120470049187466,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470049187466,"pkt":"AODtJXMAADBUAG9WCABFAABbAABAAEARnD7AqAEBwKgBAgA1CrsARxW68cWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049187466,"flow_src_last_pkt_time":1120470049187466,"flow_dst_last_pkt_time":1120470049187466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049187466,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10000,"rsp_addr":"0.0.0.0"}}}
+01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049187466,"flow_src_last_pkt_time":1120470049187466,"flow_dst_last_pkt_time":1120470049187466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049187466,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_usec":1120470049188993,"pkt":"ADBUADRWAODtAW69CABFAANSam4AAIARykzAqAECyER4URPEE0QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC9hLjCEClZpYTogU0lQLzIuMC9VRFEgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloR3ZiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCldyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2l2LmJydXJqdWxhLm5ldD47dGFnPTY0M1dlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDWwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgS05WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGNwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29uJXMAdDogPHNpcHM4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUizsT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQZyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLDE2OA4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRw32FwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zIi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtq3BWMTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470049188993,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -539,7 +539,7 @@
 01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470066200488,"flow_src_last_pkt_time":1120470066200488,"flow_dst_last_pkt_time":1120470066200488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470066200488,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2749,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470066201945,"flow_src_last_pkt_time":1120470066201945,"flow_dst_last_pkt_time":1120470066201945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470066201945,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_src_last_pkt_time":1120470066201945,"flow_dst_last_pkt_time":1120470066201945,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470066201945,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0AR+y1GsiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470066201945,"flow_src_last_pkt_time":1120470066201945,"flow_dst_last_pkt_time":1120470066201945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470066201945,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10000,"rsp_addr":"0.0.0.0"}}}
+01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470066201945,"flow_src_last_pkt_time":1120470066201945,"flow_dst_last_pkt_time":1120470066201945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470066201945,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470066203124,"packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_usec":1120470066203124}
 00330{"packet_event_id":1,"packet_event_name":"packet","packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_caplen":47,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_usec":1120470066201945,"pkt":"ADBUADRWAODtAW69KABFAAAhankAAIARGJPAqAEC1PIhIxPEE8QADcBLICAgICA="}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470066293853,"flow_src_last_pkt_time":1120470066293853,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470066293853,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -780,7 +780,7 @@
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470216686822,"flow_src_last_pkt_time":1120470216686822,"flow_dst_last_pkt_time":1120470216686822,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470216686822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_src_last_pkt_time":1120470216686822,"flow_dst_last_pkt_time":1120470216686822,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":17,"thread_ts_usec":1120470216686822,"pkt":"ADBUADRWAODtAW69CABFAAAlcwAAAIARTJrAqAECwKgBAQrJADUAMPj\/K\/YAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_src_last_pkt_time":1120470216686822,"flow_dst_last_pkt_time":1120470216688322,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470216688322,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CskAR9t7K\/aAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470216686822,"flow_src_last_pkt_time":1120470216686822,"flow_dst_last_pkt_time":1120470216688322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470216688322,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10000,"rsp_addr":"0.0.0.0"}}}
+01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470216686822,"flow_src_last_pkt_time":1120470216686822,"flow_dst_last_pkt_time":1120470216688322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470216688322,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470216783289,"flow_src_last_pkt_time":1120470216783289,"flow_dst_last_pkt_time":1120470216783289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470216783289,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_src_last_pkt_time":1120470216783289,"flow_dst_last_pkt_time":1120470216783289,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470216783289,"pkt":"ADBUADRWAODtAW69CABFAABIar0AAIARTJTAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470216783289,"flow_src_last_pkt_time":1120470216783289,"flow_dst_last_pkt_time":1120470216783289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470216783289,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -836,7 +836,7 @@
 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470250805892,"flow_src_last_pkt_time":1120470250805892,"flow_dst_last_pkt_time":1120470250805892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470250805892,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470250807372,"flow_src_last_pkt_time":1120470250807372,"flow_dst_last_pkt_time":1120470250807372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470250807372,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_src_last_pkt_time":1120470250807372,"flow_dst_last_pkt_time":1120470250807372,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470250807372,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cs0AR55waP2AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyhGFycGEAAAwAAcAMAAwAJXMAJxAAawlsb2NhbGhvc3QA"}
-01155{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470250807372,"flow_src_last_pkt_time":1120470250807372,"flow_dst_last_pkt_time":1120470250807372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470250807372,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10000,"rsp_addr":"0.0.0.0"}}}
+01151{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470250807372,"flow_src_last_pkt_time":1120470250807372,"flow_dst_last_pkt_time":1120470250807372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470250807372,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470250906414,"flow_src_last_pkt_time":1120470250906414,"flow_dst_last_pkt_time":1120470250906414,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470250906414,"l3_proto":"ip4","src_ip":"192.168.1.172","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_src_last_pkt_time":1120470250906414,"flow_dst_last_pkt_time":1120470250906414,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470250906414,"pkt":"ADBUADRWAODtAW69CABFAABIas4AAIARTIPAqAGswKgBAQrOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470250906414,"flow_src_last_pkt_time":1120470250906414,"flow_dst_last_pkt_time":1120470250906414,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470250906414,"l3_proto":"ip4","src_ip":"192.168.1.172","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -1068,7 +1068,7 @@
 01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402624214,"flow_src_last_pkt_time":1120470402624214,"flow_dst_last_pkt_time":1120470402624214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470402624214,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402625817,"flow_src_last_pkt_time":1120470402625817,"flow_dst_last_pkt_time":1120470402625817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470402625817,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_src_last_pkt_time":1120470402625817,"flow_dst_last_pkt_time":1120470402625817,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470402625817,"pkt":"AeDtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Ct4AR7d4T+SAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402625817,"flow_src_last_pkt_time":1120470402625817,"flow_dst_last_pkt_time":1120470402625817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470402625817,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10000,"rsp_addr":"0.0.0.0"}}}
+01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402625817,"flow_src_last_pkt_time":1120470402625817,"flow_dst_last_pkt_time":1120470402625817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470402625817,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402627133,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470402627133,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":47,"pkt_l4_len":13,"thread_ts_usec":1120470402627133,"pkt":"ADBUADRWAODtAW69CABFAAAhaz4AAIARF87AqAEG1PIhIxPEE8QADcBLICAgICA="}
 00301{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470407625543,"packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2566,"global_ts_usec":1120470407625543}
@@ -1114,7 +1114,7 @@
 01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431656040,"flow_src_last_pkt_time":1120470431656040,"flow_dst_last_pkt_time":1120470431656040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470431656040,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":14087,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431657512,"flow_src_last_pkt_time":1120470431657512,"flow_dst_last_pkt_time":1120470431657512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470431657512,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":1120470431657512,"flow_dst_last_pkt_time":1120470431657512,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470431657512,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgFAgA1CuAAR2l1neWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFzcGEAAAwAAcAMAAwAAQAAJyVzAAlsb2NhbGhvc3QA"}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431657512,"flow_src_last_pkt_time":1120470431657512,"flow_dst_last_pkt_time":1120470431657512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470431657512,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.aspa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10021,"rsp_addr":"0.0.0.0"}}}
+01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431657512,"flow_src_last_pkt_time":1120470431657512,"flow_dst_last_pkt_time":1120470431657512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470431657512,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.aspa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00302{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470439142760,"packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18688,"global_ts_usec":1120470439142760}
 00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_caplen":86,"pkt_type":18688,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470431658642,"pkt":"ADBUADRWAODtAW69SQBFAIBIa1EAAIARTADAqAECwKgBAQrhADUANAD+KOYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_src_last_pkt_time":1120470187656855,"flow_dst_last_pkt_time":1120470440137922,"flow_idle_time":620000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470440137922,"pkt":"ADBUADRWAODtAW69CABFAABIa1LfAEwlcwDAqAECwKgBAQrhADUANAD+KOYBAAABAAAAQAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -1526,7 +1526,7 @@
 01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814186350,"flow_src_last_pkt_time":1120470814186350,"flow_dst_last_pkt_time":1120470814186350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814186350,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814187906,"flow_src_last_pkt_time":1120470814187906,"flow_dst_last_pkt_time":1120470814187906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814187906,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_src_last_pkt_time":1120470814187906,"flow_dst_last_pkt_time":1120470814187906,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470814187906,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKh3AgA1Cu8AR+s3HBSAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAUAAAJxAACwlsb2NhbGhvc3QA"}
-01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814187906,"flow_src_last_pkt_time":1120470814187906,"flow_dst_last_pkt_time":1120470814187906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814187906,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10000,"rsp_addr":"0.0.0.0"}}}
+01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814187906,"flow_src_last_pkt_time":1120470814187906,"flow_dst_last_pkt_time":1120470814187906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814187906,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 01397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":2,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470814189540,"flow_idle_time":200000000,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_usec":1120470814189540,"pkt":"ADBUADRWAODtAW69CABFAALDa6kAAIARFMHAqAEC1PIhIxPEE8QCr1LWUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjcxMTExNzUtNDMzMGM5ZDYxOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTlkYjMxNg0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz6GCkNhbGwtSUQ6IHI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwXzcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzRzM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDIgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpBdXRob3JpemF0aW9uOiBEaWdlc3QgdXNlcm5hbWU9InZvaTE4MDYyIixyZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsdXJpPSJzaXA6MTkyLjE2OC4xLjIiLG5vbmNlPSIxNzAxYjkzMzNlODcxMzJlN2Y3NDdjNTA3MjYzZDkzIixvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsbmM9IhIwMDAwMDAxIixyZXNwb25zZT0iMGRmOTZlYjUyOGJiNjMwYTE2ZmQwMjUyNjE4Y2YzY2IiDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQoNCg=="}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470814334275,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814334275,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_src_last_pkt_time":1120470814334275,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470814334275,"pkt":"ADBUADRWAODtAW69CABFAABIa6oAAIARS6fAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zxXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -1608,7 +1608,7 @@
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_src_last_pkt_time":1120470865650089,"flow_dst_last_pkt_time":1120470865650089,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470865650089,"pkt":"ADBUADRWAODtAW69CABFAABEa8UAAIARS5DAqAECwKgBAQr1ADMAMFWvzyVzAAABAAAAAAAAATEBMAEwAzEyNwdpbj1hZGRyBGFmcGEAAAwAAQ=="}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865651601,"flow_src_last_pkt_time":1120470865651601,"flow_dst_last_pkt_time":1120470865651601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865651601,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_src_last_pkt_time":1120470865651601,"flow_dst_last_pkt_time":1120470865651601,"flow_idle_time":200000000,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470865651601,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvUARzgrzxqAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsbmNhbGhvc3QA"}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865651601,"flow_src_last_pkt_time":1120470865651601,"flow_dst_last_pkt_time":1120470865651601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865651601,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":10000,"rsp_addr":"0.0.0.0"}}}
+01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865651601,"flow_src_last_pkt_time":1120470865651601,"flow_dst_last_pkt_time":1120470865651601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865651601,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470865712571,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865712571,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_src_last_pkt_time":1120470865712571,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470865712571,"pkt":"ADBUADRWAODtAW69CABFAABIa8cAAIARS4rAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaU0EX3VkcANzaXAJY3tiZXJbaXRNAmRrAAAhAAE="}
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470865712571,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865712571,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sim._udp.sip.c_ber_itm.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -2123,9 +2123,9 @@
 ~~ total active/idle flows...: 257/257
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6920167 bytes
-~~ total memory freed........: 6920167 bytes
-~~ total allocations/frees...: 125858/125858
+~~ total memory allocated....: 6927120 bytes
+~~ total memory freed........: 6927120 bytes
+~~ total allocations/frees...: 125868/125868
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 303 chars
 ~~ json string max len.......: 2304 chars
diff --git a/test/results/fuzz-2006-09-29-28586.pcap.out b/test/results/fuzz-2006-09-29-28586.pcap.out
index 24c2b3ff6..e8715474d 100644
--- a/test/results/fuzz-2006-09-29-28586.pcap.out
+++ b/test/results/fuzz-2006-09-29-28586.pcap.out
@@ -12,7 +12,7 @@
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1031854488666676,"flow_dst_last_pkt_time":1031854488666676,"flow_idle_time":3285032704,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1031854488666676,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxKdAAEAGF+qsFAMNrBQDBQBQCinJpw1U5EuqimASgyxGZAAAAgQFtA=="}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1031854488666676,"flow_dst_last_pkt_time":1031854488666851,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1031854488666851,"pkt":"CAAgsl17AFCLk5N8CABFAAAo9UpAAIAGp0qsFAMFrBQDDQopAFDkS6qKyacNVVAQIji\/FQAAAgQFtGDD"}
 02454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1031854488666676,"flow_dst_last_pkt_time":1031854488667479,"flow_idle_time":3285032704,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1031854488667479,"pkt":"CAAgsl17AFCLk5N8CABFAAXc9kpAAIAGoJasFAMFrBQDDQopAFDkS6qKyacNVVAQIjheTQAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N8OiAxNzIuMjAuMy4xMw0KT3B0OiDQaHR0cDovL3d3dy53My5vcmdtMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuDQpVc2VyLUFnZW50OiBTb255RXJpY3Nzb25UNjgvUjIwMUENCkFjY2VwdC1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTowPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3Lnd2Lm9yZy8xOTk5LzAyL6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1031854488666676,"flow_src_last_pkt_time":1031854488666676,"flow_dst_last_pkt_time":1031854488667479,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1031854488667479,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1031854488666676,"flow_src_last_pkt_time":1031854488666676,"flow_dst_last_pkt_time":1031854488667479,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1031854488667479,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {"request_content_type":"application\/vnd.wap.mms-message"}}}
 02454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1031854488666676,"flow_dst_last_pkt_time":1031854488667572,"flow_idle_time":3285032704,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1031854488667572,"pkt":"CAAgsl17AFCLk5N8CABFAAXc90pAAIAGn5asFAMFrBQDDQopAFDkS7A+yacNVVAQIjhRbwAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVTdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2tpZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29vmmllOiBVc3VyLUlkZW50aXR5LUZvcndhcmQtbXNpc2RuPTM0MzkzMTPXMzIzNjMxMzAzMTMwMzAzNA0KQ29va2llOiBVc2VyLUlkZW5kaXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJlcg0KQ29va2llOiBJcC1BZGRyZXNzPTE5Mi4xNjh3Mi4xMw0KQ29va2mOOiBCZWFyJXMAVHlwZT1VRFANCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZQ0KQ29udGVudC1MZW5ndGg6IDM5NTYNCg0KjICYMS05Z2EwAI2QhQQ9gOeoiQGBlys0OTE3MjYxMDEwMDQvVFlQRT1QTE1OAJZSRTogAIqAiASBAg4Qj4GUgYaAkICEqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854488668075,"flow_src_last_pkt_time":1031854488668075,"flow_dst_last_pkt_time":1031854488668075,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854488668075,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1031854488668075,"flow_dst_last_pkt_time":1031854488668075,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854488668075,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKhAAEAGF+2sFAMNrBQDBQBRCinJpw1V5EuwPlAQgyxYbQAA"}
@@ -29,7 +29,7 @@
 01624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1031854489006736,"flow_dst_last_pkt_time":1031854489005121,"flow_idle_time":3285032704,"pkt_caplen":894,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":894,"pkt_l4_len":860,"thread_ts_usec":1031854489006736,"pkt":"AFCLk5N8CAAgsl0UCABFAANwxK9AAEAGFJ6sFAMNrBQDBc+MAFDJtO3L5E2aD1AYgyzm2AAALS1tc2dwYXJ0XzBfMTAzOF8xMDMxODU0NDg4OTk5DQpDb250ZW50LVR5cGU6IGFwcGxpuWF0aW9uL0ZtbA0KDQo8P3htbCB2JXMAaW9uPSIxLjAiPz4NCjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS+DRFREIFBBUCAxLjAvL0VOIg0KICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cGFwPg2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854489007208,"flow_src_last_pkt_time":1031854489007208,"flow_dst_last_pkt_time":1031854489007208,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854489007208,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1031854489007208,"flow_dst_last_pkt_time":1031854489007208,"flow_idle_time":3285032704,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":1031854489007208,"pkt":"CAAgsl17AFCLk5N8CABFAACB\/UpAAIAGnvGsFAMBrBQDDQBQz4zkTZoPybTxE1AYHbQX8gAASFRUUC8xLjEgMTAwIENvbnRpbnVlDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpQYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE3OjU4OjU2IEdNVA0KDQo="}
-00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854489007208,"flow_src_last_pkt_time":1031854489007208,"flow_dst_last_pkt_time":1031854489007208,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854489007208,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854489007208,"flow_src_last_pkt_time":1031854489007208,"flow_dst_last_pkt_time":1031854489007208,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854489007208,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854489031542,"flow_src_last_pkt_time":1031854489031542,"flow_dst_last_pkt_time":1031854489031542,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854489031542,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1031854489031542,"flow_dst_last_pkt_time":1031854489031542,"flow_idle_time":3285032704,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1031854489031542,"pkt":"CAAgsl17AFCLk5N8CABFAAC1\/kpAAIAGnb2sFAMFrDkDDQBQz4zkTZpoybTxE1AYHbQrwQAASFRUby8xLjEgMjAyIEFjY2VwdGVkDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDUyIDE3OjU4OjU2IEdNVA0KQ29udGVudC1MZW5ndGg6IDQyNw0KJXMAdGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCg0K"}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854489131959,"flow_src_last_pkt_time":1031854489131959,"flow_dst_last_pkt_time":1031854489131959,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":427,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":427,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":427,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854489131959,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -45,6 +45,7 @@
 01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854495447686,"flow_src_last_pkt_time":1031854495447686,"flow_dst_last_pkt_time":1031854495447686,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":708,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":708,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854495447686,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"172.20.3.13","http": {"url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":"","request_content_type":"application\/xml"}}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1031854495447686,"flow_dst_last_pkt_time":1031854495448529,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854495448529,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLZAAEAGF9+sFAMNrBQDBQBQCirJ0hrh5GTKL1AQgywwqwAA"}
 01159{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1031854495447686,"flow_dst_last_pkt_time":1031854495554910,"flow_idle_time":3285032704,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_usec":1031854495554910,"pkt":"AFCLk5N8CAAgsjZ7CABFAAIPxLdAAEAGU\/esFAMNrBQDBQBQCirJ0hrh5GTKL1AYgyw7RQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KY29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo1NSBHTVQNCg0KPD94bWzfdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk\/+VU0vL0RURCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZlVyd20ub3JnL0RURC9wYXBfMS4wL2R0ZCI+DVQ8cGFwPg0KPHJlc3VsdG5vdGlmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkzMDFfMTAzMTg1NDQ4ODk5N18xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik93Ij4NCjxhZ2RyZXPPIDNkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcyNjEwMTAwNC9UWVBFclBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KPC9yZXN1bHRub3RpZmljYXRpb24tcmVzcCVzAGU+DQo8L3BhcKqqqg=="}
+01336{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1031854495447686,"flow_src_last_pkt_time":1031854495447686,"flow_dst_last_pkt_time":1031854495554910,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":708,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":487,"flow_src_tot_l4_payload_len":708,"flow_dst_tot_l4_payload_len":487,"midstream":1,"thread_ts_usec":1031854495554910,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"172.20.3.13","http": {"url":"172.20.3.13.servlets\/mms","code":200,"content_type":"application\/xml","user_agent":"","request_content_type":"application\/xml"}}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1031854495700200,"flow_dst_last_pkt_time":1031854495554910,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1031854495700200,"pkt":"CAAgsl17AFCLk5N8CABFAAAoDEtAAIAGkEqsFAMFrBQDDQoqAFDkZMovydIcyFAQIFGRnwAAAABMjAAA"}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854499919193,"flow_src_last_pkt_time":1031854499919193,"flow_dst_last_pkt_time":1031854499919193,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854499919193,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1031854499919193,"flow_dst_last_pkt_time":1031854499919193,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854499919193,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLhAAEAGF92sFANYrBQDUgBQCinJpw4S5EvBTlAQgyxGoAAA"}
@@ -87,7 +88,7 @@
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1031854535022424,"flow_dst_last_pkt_time":1031854535022424,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854535022424,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMZAAEAGF8+sFAMNrBRMBQBQ\/i3KbXHM5PFhlFAQgyxBMAAA"}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535090106,"flow_src_last_pkt_time":1031854535090106,"flow_dst_last_pkt_time":1031854535090106,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854535090106,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1031854535090106,"flow_dst_last_pkt_time":1031854535090106,"flow_idle_time":3285032704,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1031854535090106,"pkt":"AFCLk5N8CAAgsl17CABFAAC3xMdAAEAGFz+sFAMNLBQDBQBQCi3KbXHM5PFjO1AYgyyWzgAASFRUUC8xLjEgMjIwIE9LDQpTZXJ2ZXI6IEJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3Zuay53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjFKOjM1IEdNVA0KDQo="}
-00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535090106,"flow_src_last_pkt_time":1031854535090106,"flow_dst_last_pkt_time":1031854535090106,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854535090106,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535090106,"flow_src_last_pkt_time":1031854535090106,"flow_dst_last_pkt_time":1031854535090106,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":143,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":143,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854535090106,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00299{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854535294275,"packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1031854535294275}
 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1031854535090106,"pkt":"CAAgsl17AFCLk5N8CAAQAAAoKUtAAIAGc0qsFAMFrBQDDQotAFDk8WM7ym1yW1AQIamgfQAAYXRpb24v"}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1031854543322142,"flow_dst_last_pkt_time":1031854495447303,"flow_idle_time":620000000,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854543322142,"pkt":"AFCLk5N8CAAgsl17CABFAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
@@ -109,7 +110,7 @@
 00337{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_usec":1031854557803574,"pkt":"AFCLk5N8kgAgsl2cCAAlcwAoxM5AAEAGF8esFAMNrBQDBQB+Ci7KxfhF5UF0EVAQgyynkAAA"}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854557975651,"flow_src_last_pkt_time":1031854557975651,"flow_dst_last_pkt_time":1031854557975651,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854557975651,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 02459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1031854557975651,"flow_dst_last_pkt_time":1031854557975651,"flow_idle_time":3285032704,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1031854557975651,"pkt":"AFCLk5N8CAAgsl17CABFAAXcxM9AAEAGEhKsFAMNrBRIBQBQCi7KxfhF5UF0EVAQg2xUTwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2Zds6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcJVpY2F0aU9uL3ZuZC53YXAubW1zLW1lQnNhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0MDAzDQpEYXRlOiBEaHUsIDEyI1NlcCAyMDAyIDE4OjEzOjU3IEdNVA0KDQqMhJgxODkzMDEAjZCLMTg5MzAwQGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQAhQQ9gOeoiRmAKzQ5MTcyNjEwMTAwNC9UWVBFPVBMTU4Alys0OTE3MjYxMDEwMDQvVFlQRT1QTE1OAJZSRTogAIqAj4GGgJCAhBuziWFwcGxpY2F0aW9uL3NtaWwAijxBQUHJPgACF5sIFmF1ZGlvL89tcgCFTWVtb18yLmFtcgAjIUFNUgoEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAIAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEYMHXD3zV\/8IgwWAMBAJCE3zKTS6yvWim2AQAaW9MjVBAFq9g49AEG3NPa5xSPjJCwdiuBGBzXCVzANBaejQlAgQt3KzJjOxe+tzME8YEwHMjOLJPC9RhIk1GBGcB9hyMVB+ymov9JgQcc+TIiquQD7ex2a4EwPA8+J0C0fnQHsHIBAJrIB2IKQBtWLyT3gRGCgMIhBG3oPgxOIIEYApux4qh3leJmGFmBAPwbXU1e9R22GaS9AQACnMDejLvmEUFMqwEnXCQ+IVVpDVVYOcgBAMm+YOVuf\/qr8C7EASdBxxFjGX+HDtZYUwEHBnMGjW5n+PI4knwBBsK4SmqTS8eSRtrYAQiJjP5kk8lcwBI1AgEHAoP2II8axveMUxCBBwKU3dDqfCKT69HlgQcGbBpzQqeNOKNF6oEwAEga4ImSmqwxRZQBFAp8rg96cDaFckq\/gRlAdboXdDfSI5Fhs4Eygrc660OMDBW5HaEBBsHdhiinThEsf5noAQbGQJaMx0Ha8dBdkAEbgqMCaJz67tCjYyGBFYKElgduY8Vu4Zy7gQiCozpdU1ad0ULON4ERAcMeDUZFTuMPjUeBCQG2xs90aDTRIjGIgQiCgWIMmeabddj5oQEHBPho51DgcHKVONABDMmMbh6HE7Qii8JIgQxKT03NTDED6MOAHwEACa6M6Mfl1xY4Ih2BG4p2Zgatr88WCLapAQAJndLPeWwjkERZqQEHCkMM4JXinkRKYxyBCMyCApUNjcVUeFBtAQpCgn4gisK1K1VbUYEGQr9sTV75X6826qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854557975651,"flow_src_last_pkt_time":1031854557975651,"flow_dst_last_pkt_time":1031854557975651,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854557975651,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854557975651,"flow_src_last_pkt_time":1031854557975651,"flow_dst_last_pkt_time":1031854557975651,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854557975651,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 01182{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1031854557802049,"flow_src_last_pkt_time":1031854557802834,"flow_dst_last_pkt_time":1031854557975679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1819,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1031854557975679,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"172.20.3.13","http": {"url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}}
 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562320952,"flow_src_last_pkt_time":1031854562320952,"flow_dst_last_pkt_time":1031854562320952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854562320952,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1031854562320952,"flow_dst_last_pkt_time":1031854562320952,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1031854562320952,"pkt":"CAAgsl1rAFCLk5N8CABFAAAsPltAAIAGXkasFAMFrBQDDQovAFDlUj+sAAAAAGACIADqbQAAAgQFtAAA"}
@@ -122,7 +123,7 @@
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1031854562321775,"flow_dst_last_pkt_time":1031854562322500,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854562322500,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxNNAAEAGF8KsFAMNrBQDBQBQCi\/K2yc25VJFYVAQgyynKAAA"}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562401771,"flow_src_last_pkt_time":1031854562401771,"flow_dst_last_pkt_time":1031854562401771,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854562401771,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1031854562401771,"flow_dst_last_pkt_time":1031854562401771,"flow_idle_time":3285032704,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":39,"thread_ts_usec":1031854562401771,"pkt":"AFCLk5N8CAAgsl17CABFAAA7xNRAAEAGFzKsFAINrBQDBQBQCi\/K2yc25VJHCFAYgyz\/yAAASFRUUC8xLjEgMjAwIE9LDQpTZXN2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0eW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCnRvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjE2OjAyIEdNVA0KDQo="}
-00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562401771,"flow_src_last_pkt_time":1031854562401771,"flow_dst_last_pkt_time":1031854562401771,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854562401771,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562401771,"flow_src_last_pkt_time":1031854562401771,"flow_dst_last_pkt_time":1031854562401771,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854562401771,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562488164,"flow_src_last_pkt_time":1031854562488164,"flow_dst_last_pkt_time":1031854562488164,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854562488164,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1031854562488164,"flow_dst_last_pkt_time":1031854562488164,"flow_idle_time":3285032704,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1031854562488164,"pkt":"AHWLk5N8CAAgsl17CABFAAAwxNVAAEAGF7isFAMNrBQDBc\/JAFDK5CpLAAAAAHACgyzcpwAAAQEEAgIEBbQ="}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562488426,"flow_src_last_pkt_time":1031854562488426,"flow_dst_last_pkt_time":1031854562488426,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1031854562488426,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -130,7 +131,7 @@
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562488459,"flow_src_last_pkt_time":1031854562488459,"flow_dst_last_pkt_time":1031854562488459,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854562488459,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1031854562488459,"flow_dst_last_pkt_time":1031854562488459,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1031854562488459,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxNZAAEAGF7+sFAMNrBQDBc+QAFDK5CpM5VPMIVAQgyyD5gAA"}
 00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1031854562489825,"flow_dst_last_pkt_time":1031854562488459,"flow_idle_time":3285032704,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_usec":1031854562489825,"pkt":"AFCLkxN8CAAgsl17CABFAAFkZddAAEAGFoKsFAMNrBQDBc+QAFDK5CpN5VOgIVAYgyyj7gAAUE9TVCAvcHBnY3RybC9wcGdjb24lcwBsbG9naWMuZGxsIEhUVFAvZC4xDQpBdXRob3JpemF0aXhuOiBCYXNpYyBiRzFqWDNjNlZHVnpkREV5TXpRPQ0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvcmVsYXRlZDsgYm91bmRhcnk9Im1zZyVzAHRfMF8xMDM4XzEwMzE4NTQ1NjI0ODQiOyB0eXBlPSJhcHBsaWNhdGlvTi94bWwiDQpVc2VyLUFnZW50OiBNTVMtUmVsYXktRGVsaXZlcnlJbml0aWF0b3INCkFjY2VwdDogYXBwbGljYXRpb24veG1sDQpDb25uZWN0aW9uOiVzAGVwLWFsaXZlDQpIb3N0OiAxNzIuMjAuMy41DQpDb250ZW50LWxlbmd0aDogODAwDQoNGg=="}
-00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1031854562488459,"flow_src_last_pkt_time":1031854562489825,"flow_dst_last_pkt_time":1031854562488459,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854562489825,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1031854562488459,"flow_src_last_pkt_time":1031854562489825,"flow_dst_last_pkt_time":1031854562488459,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854562489825,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"172.20.3.5","http": {"request_content_type":"multipart\/related"}}}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562489900,"flow_src_last_pkt_time":1031854562489900,"flow_dst_last_pkt_time":1031854562489900,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":800,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854562489900,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1031854562489900,"flow_dst_last_pkt_time":1031854562489900,"flow_idle_time":3285032704,"pkt_caplen":854,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":854,"pkt_l4_len":820,"thread_ts_usec":1031854562489900,"pkt":"AFCLk5N8CAAgsl17CABFAANIxNhAAEAGFJ2sFAMNrEYDBc+QAFDK5CuI5VOgYVAYgyy9cwAALS1tc2dwYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0DQpDb250s250LVR5cGU6IGFwcGxpY2F0em9uk3htbA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz4NCjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIg0KICAgICAgICAgNmh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cCBwPg0KICA8cHVzaC1tZXNzYWdlIHB1dmgtaWQ9IjE4OTMwMV8xMDMxODU0NTYyNDgyXzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm5lWSIgZGVsaXZlci1iZWZvcmUtdGltZXN0YW1wPSIyMDAyLTA5LTEyVDE5OjE0OjQ4SiIgcHBnLW5vdGlmeS1yZXF1ZXN0ZWQtdG89Imh0dHA6Ly8xNzIuMjAuMy4xMytzZXJ2bGV0cy9tbXMiPg0KICAgITxhZGRyZXNzIGFkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcwNjEwMTAwNC9UWVBFPVBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KIDIgIDxxdWFsaXR5LW9mLXNlcnZpY2UgcHJpb3JpdHk9Im1lZGl1bSIgZGVsaXZlcnktbWV0aG9kPSJ1bmNvbmZpcm1lZCI+PC9xdWFsaXR5LW9mLSVzAHZpY2U+DQogIDwvdnVzaC1tZXNzYWdlPg0KPC9wYXA+DQoNCi0tbXNncGFydF8wXzEwWDhfMTAzMTg1NDU2MjQ4NA0KQ29udGVudC1UeXBlOiBjcHBsaVdhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpYLWphcC1BcHBsaWNhdGlvbi1JZDogNA0KDR+Mho2QizE4OTMwMEBnZWNkczIubW9iaWxpdHlsYWIubmV0AJcrNDkxNzI2MTAxMDA0L1RZUEU9UExNTleFBD2A2eKVgQ0KLS1tc2dnYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0LS0="}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1031854562489825,"flow_dst_last_pkt_time":1031854562490275,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1031854562490275,"pkt":"CAAgsl17AFCLk5N8CABFAAAoREtAAIAGWEqsFAMFrBQDDQBQz5DlW6AhyuQuqFAQHdzk2gAAAgQFtG4v"}
@@ -182,7 +183,7 @@
 00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854499919193,"flow_src_last_pkt_time":1031854499919193,"flow_dst_last_pkt_time":1031854499919193,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854499919193,"flow_src_last_pkt_time":1031854499919193,"flow_dst_last_pkt_time":1031854499919193,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00768{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":8,"flow_first_seen":1031854488666676,"flow_src_last_pkt_time":1031854499919530,"flow_dst_last_pkt_time":1031854499919749,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":5827,"midstream":0,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01078{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1031854495447686,"flow_src_last_pkt_time":1031854506544883,"flow_dst_last_pkt_time":1031854506544666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":487,"flow_src_tot_l4_payload_len":708,"flow_dst_tot_l4_payload_len":487,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01193{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1031854495447686,"flow_src_last_pkt_time":1031854506544883,"flow_dst_last_pkt_time":1031854506544666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":487,"flow_src_tot_l4_payload_len":708,"flow_dst_tot_l4_payload_len":487,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00850{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854488668075,"flow_src_last_pkt_time":1031854488668075,"flow_dst_last_pkt_time":1031854488668075,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00763{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854488668075,"flow_src_last_pkt_time":1031854488668075,"flow_dst_last_pkt_time":1031854488668075,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854525903771,"flow_src_last_pkt_time":1031854525903771,"flow_dst_last_pkt_time":1031854525903771,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
@@ -216,7 +217,7 @@
 00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562321743,"flow_src_last_pkt_time":1031854562321743,"flow_dst_last_pkt_time":1031854562321743,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535022424,"flow_src_last_pkt_time":1031854535022424,"flow_dst_last_pkt_time":1031854535022424,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00766{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535022424,"flow_src_last_pkt_time":1031854535022424,"flow_dst_last_pkt_time":1031854535022424,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":131,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":25630,"total-not-detected-flows":4,"total-guessed-flows":23,"total-detected-flows":12,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1031854568982740}
+00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":131,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":25630,"total-not-detected-flows":4,"total-guessed-flows":23,"total-detected-flows":12,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":220,"global_ts_usec":1031854568982740}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 131/123
 ~~ skipped flows.............: 0
@@ -225,9 +226,9 @@
 ~~ total active/idle flows...: 39/39
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6496420 bytes
-~~ total memory freed........: 6496420 bytes
-~~ total allocations/frees...: 123002/123002
+~~ total memory allocated....: 6501893 bytes
+~~ total memory freed........: 6501893 bytes
+~~ total allocations/frees...: 123023/123023
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 304 chars
 ~~ json string max len.......: 2474 chars
diff --git a/test/results/fuzz-2020-02-16-11740.pcap.out b/test/results/fuzz-2020-02-16-11740.pcap.out
index 45751dc94..072adbcd2 100644
--- a/test/results/fuzz-2020-02-16-11740.pcap.out
+++ b/test/results/fuzz-2020-02-16-11740.pcap.out
@@ -621,9 +621,9 @@
 ~~ total active/idle flows...: 79/79
 ~~ total timeout flows.......: 13
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6560791 bytes
-~~ total memory freed........: 6560791 bytes
-~~ total allocations/frees...: 123592/123592
+~~ total memory allocated....: 6566320 bytes
+~~ total memory freed........: 6566320 bytes
+~~ total allocations/frees...: 123602/123602
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 304 chars
 ~~ json string max len.......: 2298 chars
diff --git a/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out
index 45c73d6e1..a94c1a909 100644
--- a/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out
+++ b/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6409946 bytes
-~~ total memory freed........: 6409946 bytes
-~~ total allocations/frees...: 122425/122425
+~~ total memory allocated....: 6414843 bytes
+~~ total memory freed........: 6414843 bytes
+~~ total allocations/frees...: 122435/122435
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 328 chars
 ~~ json string max len.......: 576 chars
diff --git a/test/results/fuzz-2021-10-13.pcap.out b/test/results/fuzz-2021-10-13.pcap.out
index 0edc7476f..0b1a12f32 100644
--- a/test/results/fuzz-2021-10-13.pcap.out
+++ b/test/results/fuzz-2021-10-13.pcap.out
@@ -11,9 +11,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6409946 bytes
-~~ total memory freed........: 6409946 bytes
-~~ total allocations/frees...: 122425/122425
+~~ total memory allocated....: 6414843 bytes
+~~ total memory freed........: 6414843 bytes
+~~ total allocations/frees...: 122435/122435
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 310 chars
 ~~ json string max len.......: 564 chars
diff --git a/test/results/genshin-impact.pcap.out b/test/results/genshin-impact.pcap.out
index b04e83a65..b3c8a900e 100644
--- a/test/results/genshin-impact.pcap.out
+++ b/test/results/genshin-impact.pcap.out
@@ -62,9 +62,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6429500 bytes
-~~ total memory freed........: 6429500 bytes
-~~ total allocations/frees...: 122584/122584
+~~ total memory allocated....: 6434445 bytes
+~~ total memory freed........: 6434445 bytes
+~~ total allocations/frees...: 122594/122594
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 499 chars
 ~~ json string max len.......: 1098 chars
diff --git a/test/results/git.pcap.out b/test/results/git.pcap.out
index 254d346e6..dc7574267 100644
--- a/test/results/git.pcap.out
+++ b/test/results/git.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414356 bytes
-~~ total memory freed........: 6414356 bytes
-~~ total allocations/frees...: 122526/122526
+~~ total memory allocated....: 6419261 bytes
+~~ total memory freed........: 6419261 bytes
+~~ total allocations/frees...: 122536/122536
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2155 chars
diff --git a/test/results/gnutella.pcap.out b/test/results/gnutella.pcap.out
index 03b4c009a..505b9628b 100644
--- a/test/results/gnutella.pcap.out
+++ b/test/results/gnutella.pcap.out
@@ -6910,9 +6910,9 @@
 ~~ total active/idle flows...: 801/801
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 8185987 bytes
-~~ total memory freed........: 8185987 bytes
-~~ total allocations/frees...: 138957/138957
+~~ total memory allocated....: 8197346 bytes
+~~ total memory freed........: 8197346 bytes
+~~ total allocations/frees...: 138970/138970
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 245 chars
 ~~ json string max len.......: 2557 chars
diff --git a/test/results/google_ssl.pcap.out b/test/results/google_ssl.pcap.out
index 0df6d7450..d40fef360 100644
--- a/test/results/google_ssl.pcap.out
+++ b/test/results/google_ssl.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414606 bytes
-~~ total memory freed........: 6414606 bytes
-~~ total allocations/frees...: 122465/122465
+~~ total memory allocated....: 6419511 bytes
+~~ total memory freed........: 6419511 bytes
+~~ total allocations/frees...: 122475/122475
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 921 chars
diff --git a/test/results/googledns_android10.pcap.out b/test/results/googledns_android10.pcap.out
index 18632e65c..e165d358a 100644
--- a/test/results/googledns_android10.pcap.out
+++ b/test/results/googledns_android10.pcap.out
@@ -83,9 +83,9 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6475926 bytes
-~~ total memory freed........: 6475926 bytes
-~~ total allocations/frees...: 123116/123116
+~~ total memory allocated....: 6480887 bytes
+~~ total memory freed........: 6480887 bytes
+~~ total allocations/frees...: 123126/123126
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 504 chars
 ~~ json string max len.......: 2336 chars
diff --git a/test/results/gquic.pcap.out b/test/results/gquic.pcap.out
index b4b8fc349..9565e643a 100644
--- a/test/results/gquic.pcap.out
+++ b/test/results/gquic.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422146 bytes
-~~ total memory freed........: 6422146 bytes
-~~ total allocations/frees...: 122457/122457
+~~ total memory allocated....: 6427051 bytes
+~~ total memory freed........: 6427051 bytes
+~~ total allocations/frees...: 122467/122467
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 2310 chars
diff --git a/test/results/gre_no_options.pcapng.out b/test/results/gre_no_options.pcapng.out
index 99f300548..ea32f28ce 100644
--- a/test/results/gre_no_options.pcapng.out
+++ b/test/results/gre_no_options.pcapng.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411804 bytes
-~~ total memory freed........: 6411804 bytes
-~~ total allocations/frees...: 122438/122438
+~~ total memory allocated....: 6416709 bytes
+~~ total memory freed........: 6416709 bytes
+~~ total allocations/frees...: 122448/122448
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 501 chars
 ~~ json string max len.......: 922 chars
diff --git a/test/results/gtp_c.pcap.out b/test/results/gtp_c.pcap.out
index b5c860ce9..4b0746461 100644
--- a/test/results/gtp_c.pcap.out
+++ b/test/results/gtp_c.pcap.out
@@ -16,9 +16,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411862 bytes
-~~ total memory freed........: 6411862 bytes
-~~ total allocations/frees...: 122440/122440
+~~ total memory allocated....: 6416767 bytes
+~~ total memory freed........: 6416767 bytes
+~~ total allocations/frees...: 122450/122450
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 956 chars
diff --git a/test/results/gtp_false_positive.pcapng.out b/test/results/gtp_false_positive.pcapng.out
index 041f36bef..31e3b7d49 100644
--- a/test/results/gtp_false_positive.pcapng.out
+++ b/test/results/gtp_false_positive.pcapng.out
@@ -28,9 +28,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6415549 bytes
-~~ total memory freed........: 6415549 bytes
-~~ total allocations/frees...: 122465/122465
+~~ total memory allocated....: 6420470 bytes
+~~ total memory freed........: 6420470 bytes
+~~ total allocations/frees...: 122475/122475
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 505 chars
 ~~ json string max len.......: 936 chars
diff --git a/test/results/gtp_prime.pcapng.out b/test/results/gtp_prime.pcapng.out
index b8e4e0319..9ea23f6b4 100644
--- a/test/results/gtp_prime.pcapng.out
+++ b/test/results/gtp_prime.pcapng.out
@@ -11,9 +11,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6409946 bytes
-~~ total memory freed........: 6409946 bytes
-~~ total allocations/frees...: 122425/122425
+~~ total memory allocated....: 6414843 bytes
+~~ total memory freed........: 6414843 bytes
+~~ total allocations/frees...: 122435/122435
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 296 chars
 ~~ json string max len.......: 666 chars
diff --git a/test/results/h323-overflow.pcap.out b/test/results/h323-overflow.pcap.out
index e700ae1bb..27b0829d5 100644
--- a/test/results/h323-overflow.pcap.out
+++ b/test/results/h323-overflow.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413823 bytes
-~~ total memory freed........: 6413823 bytes
-~~ total allocations/frees...: 122438/122438
+~~ total memory allocated....: 6418728 bytes
+~~ total memory freed........: 6418728 bytes
+~~ total allocations/frees...: 122448/122448
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 932 chars
diff --git a/test/results/h323.pcap.out b/test/results/h323.pcap.out
index 525404d8c..f44cd0bc7 100644
--- a/test/results/h323.pcap.out
+++ b/test/results/h323.pcap.out
@@ -22,9 +22,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6415942 bytes
-~~ total memory freed........: 6415942 bytes
-~~ total allocations/frees...: 122460/122460
+~~ total memory allocated....: 6420855 bytes
+~~ total memory freed........: 6420855 bytes
+~~ total allocations/frees...: 122470/122470
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 966 chars
diff --git a/test/results/hangout.pcap.out b/test/results/hangout.pcap.out
index 08e2c7c99..90b86aefb 100644
--- a/test/results/hangout.pcap.out
+++ b/test/results/hangout.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412297 bytes
-~~ total memory freed........: 6412297 bytes
-~~ total allocations/frees...: 122455/122455
+~~ total memory allocated....: 6417202 bytes
+~~ total memory freed........: 6417202 bytes
+~~ total allocations/frees...: 122465/122465
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 1149 chars
diff --git a/test/results/hpvirtgrp.pcap.out b/test/results/hpvirtgrp.pcap.out
index ed5ffdace..76a03419c 100644
--- a/test/results/hpvirtgrp.pcap.out
+++ b/test/results/hpvirtgrp.pcap.out
@@ -89,9 +89,9 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6448521 bytes
-~~ total memory freed........: 6448521 bytes
-~~ total allocations/frees...: 122669/122669
+~~ total memory allocated....: 6453490 bytes
+~~ total memory freed........: 6453490 bytes
+~~ total allocations/frees...: 122679/122679
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 967 chars
diff --git a/test/results/hsrp0.pcap.out b/test/results/hsrp0.pcap.out
index 1b7613e9b..4697ea529 100644
--- a/test/results/hsrp0.pcap.out
+++ b/test/results/hsrp0.pcap.out
@@ -25,9 +25,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6417150 bytes
-~~ total memory freed........: 6417150 bytes
-~~ total allocations/frees...: 122469/122469
+~~ total memory allocated....: 6422079 bytes
+~~ total memory freed........: 6422079 bytes
+~~ total allocations/frees...: 122479/122479
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 943 chars
diff --git a/test/results/hsrp2.pcap.out b/test/results/hsrp2.pcap.out
index 287490b41..a1cec9a4c 100644
--- a/test/results/hsrp2.pcap.out
+++ b/test/results/hsrp2.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413548 bytes
-~~ total memory freed........: 6413548 bytes
-~~ total allocations/frees...: 122447/122447
+~~ total memory allocated....: 6418461 bytes
+~~ total memory freed........: 6418461 bytes
+~~ total allocations/frees...: 122457/122457
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 945 chars
diff --git a/test/results/hsrp2_ipv6.pcapng.out b/test/results/hsrp2_ipv6.pcapng.out
index b55570b8e..86159610a 100644
--- a/test/results/hsrp2_ipv6.pcapng.out
+++ b/test/results/hsrp2_ipv6.pcapng.out
@@ -29,9 +29,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414534 bytes
-~~ total memory freed........: 6414534 bytes
-~~ total allocations/frees...: 122481/122481
+~~ total memory allocated....: 6419447 bytes
+~~ total memory freed........: 6419447 bytes
+~~ total allocations/frees...: 122491/122491
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 497 chars
 ~~ json string max len.......: 1079 chars
diff --git a/test/results/http-crash-content-disposition.pcap.out b/test/results/http-crash-content-disposition.pcap.out
index 53a571d64..472e1f67a 100644
--- a/test/results/http-crash-content-disposition.pcap.out
+++ b/test/results/http-crash-content-disposition.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412151 bytes
-~~ total memory freed........: 6412151 bytes
-~~ total allocations/frees...: 122451/122451
+~~ total memory allocated....: 6417062 bytes
+~~ total memory freed........: 6417062 bytes
+~~ total allocations/frees...: 122462/122462
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 513 chars
 ~~ json string max len.......: 1136 chars
diff --git a/test/results/http-lines-split.pcap.out b/test/results/http-lines-split.pcap.out
index 54400e7ad..7c68ff896 100644
--- a/test/results/http-lines-split.pcap.out
+++ b/test/results/http-lines-split.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412182 bytes
-~~ total memory freed........: 6412182 bytes
-~~ total allocations/frees...: 122452/122452
+~~ total memory allocated....: 6417087 bytes
+~~ total memory freed........: 6417087 bytes
+~~ total allocations/frees...: 122462/122462
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 501 chars
 ~~ json string max len.......: 1143 chars
diff --git a/test/results/http-manipulated.pcap.out b/test/results/http-manipulated.pcap.out
index 736107a2c..5dff0926c 100644
--- a/test/results/http-manipulated.pcap.out
+++ b/test/results/http-manipulated.pcap.out
@@ -27,9 +27,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6423279 bytes
-~~ total memory freed........: 6423279 bytes
-~~ total allocations/frees...: 122784/122784
+~~ total memory allocated....: 6428216 bytes
+~~ total memory freed........: 6428216 bytes
+~~ total allocations/frees...: 122796/122796
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2240 chars
diff --git a/test/results/http-proxy.pcapng.out b/test/results/http-proxy.pcapng.out
index 896a33738..636c5cbaf 100644
--- a/test/results/http-proxy.pcapng.out
+++ b/test/results/http-proxy.pcapng.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412190 bytes
-~~ total memory freed........: 6412190 bytes
-~~ total allocations/frees...: 122451/122451
+~~ total memory allocated....: 6417118 bytes
+~~ total memory freed........: 6417118 bytes
+~~ total allocations/frees...: 122462/122462
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 496 chars
 ~~ json string max len.......: 1129 chars
diff --git a/test/results/http_auth.pcap.out b/test/results/http_auth.pcap.out
index aa90e8b8e..3d8a08fc8 100644
--- a/test/results/http_auth.pcap.out
+++ b/test/results/http_auth.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412941 bytes
-~~ total memory freed........: 6412941 bytes
-~~ total allocations/frees...: 122475/122475
+~~ total memory allocated....: 6417853 bytes
+~~ total memory freed........: 6417853 bytes
+~~ total allocations/frees...: 122486/122486
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2183 chars
diff --git a/test/results/http_connect.pcap.out b/test/results/http_connect.pcap.out
index 9637a75ed..600ccba75 100644
--- a/test/results/http_connect.pcap.out
+++ b/test/results/http_connect.pcap.out
@@ -34,9 +34,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6433961 bytes
-~~ total memory freed........: 6433961 bytes
-~~ total allocations/frees...: 122568/122568
+~~ total memory allocated....: 6438882 bytes
+~~ total memory freed........: 6438882 bytes
+~~ total allocations/frees...: 122578/122578
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 497 chars
 ~~ json string max len.......: 2147 chars
diff --git a/test/results/http_guessed_host_and_guessed.pcapng.out b/test/results/http_guessed_host_and_guessed.pcapng.out
index 31c6b4ed5..4d42a86b0 100644
--- a/test/results/http_guessed_host_and_guessed.pcapng.out
+++ b/test/results/http_guessed_host_and_guessed.pcapng.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413823 bytes
-~~ total memory freed........: 6413823 bytes
-~~ total allocations/frees...: 122438/122438
+~~ total memory allocated....: 6418728 bytes
+~~ total memory freed........: 6418728 bytes
+~~ total allocations/frees...: 122448/122448
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 516 chars
 ~~ json string max len.......: 1099 chars
diff --git a/test/results/http_ipv6.pcap.out b/test/results/http_ipv6.pcap.out
index e7e171f45..e301d3bc6 100644
--- a/test/results/http_ipv6.pcap.out
+++ b/test/results/http_ipv6.pcap.out
@@ -106,13 +106,13 @@
 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00944{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269143410021,"flow_src_last_pkt_time":1448269143410021,"flow_dst_last_pkt_time":1448269143539406,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269143410021,"flow_src_last_pkt_time":1448269143410021,"flow_dst_last_pkt_time":1448269143539406,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00878{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}}
 00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00931{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269144306064,"flow_src_last_pkt_time":1448269144306064,"flow_dst_last_pkt_time":1448269144348055,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269144306064,"flow_src_last_pkt_time":1448269144306064,"flow_dst_last_pkt_time":1448269144348055,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269145458059,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145478561,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269145458059,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145478561,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","packets-captured":193,"packets-processed":193,"total-skipped-flows":0,"total-l4-payload-len":51193,"total-not-detected-flows":1,"total-guessed-flows":6,"total-detected-flows":8,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":115,"global_ts_usec":1448269146970056}
+00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","packets-captured":193,"packets-processed":193,"total-skipped-flows":0,"total-l4-payload-len":51193,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":8,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":115,"global_ts_usec":1448269146970056}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 193/193
 ~~ skipped flows.............: 0
@@ -121,9 +121,9 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6527318 bytes
-~~ total memory freed........: 6527318 bytes
-~~ total allocations/frees...: 122862/122862
+~~ total memory allocated....: 6532335 bytes
+~~ total memory freed........: 6532335 bytes
+~~ total allocations/frees...: 122872/122872
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2348 chars
diff --git a/test/results/http_on_sip_port.pcap.out b/test/results/http_on_sip_port.pcap.out
index a9bd4a8e9..8c1dec792 100644
--- a/test/results/http_on_sip_port.pcap.out
+++ b/test/results/http_on_sip_port.pcap.out
@@ -16,9 +16,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412210 bytes
-~~ total memory freed........: 6412210 bytes
-~~ total allocations/frees...: 122446/122446
+~~ total memory allocated....: 6417115 bytes
+~~ total memory freed........: 6417115 bytes
+~~ total allocations/frees...: 122456/122456
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 501 chars
 ~~ json string max len.......: 2322 chars
diff --git a/test/results/i3d.pcap.out b/test/results/i3d.pcap.out
index 4837553f0..eb1b41589 100644
--- a/test/results/i3d.pcap.out
+++ b/test/results/i3d.pcap.out
@@ -43,9 +43,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418886 bytes
-~~ total memory freed........: 6418886 bytes
-~~ total allocations/frees...: 122529/122529
+~~ total memory allocated....: 6423815 bytes
+~~ total memory freed........: 6423815 bytes
+~~ total allocations/frees...: 122539/122539
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2134 chars
diff --git a/test/results/iax.pcap.out b/test/results/iax.pcap.out
index 506206370..cb6a159eb 100644
--- a/test/results/iax.pcap.out
+++ b/test/results/iax.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413196 bytes
-~~ total memory freed........: 6413196 bytes
-~~ total allocations/frees...: 122486/122486
+~~ total memory allocated....: 6418101 bytes
+~~ total memory freed........: 6418101 bytes
+~~ total allocations/frees...: 122496/122496
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 486 chars
 ~~ json string max len.......: 2165 chars
diff --git a/test/results/icmp-tunnel.pcap.out b/test/results/icmp-tunnel.pcap.out
index 20d06eea4..a875f4746 100644
--- a/test/results/icmp-tunnel.pcap.out
+++ b/test/results/icmp-tunnel.pcap.out
@@ -45,9 +45,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6436773 bytes
-~~ total memory freed........: 6436773 bytes
-~~ total allocations/frees...: 123299/123299
+~~ total memory allocated....: 6441678 bytes
+~~ total memory freed........: 6441678 bytes
+~~ total allocations/frees...: 123309/123309
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 496 chars
 ~~ json string max len.......: 2351 chars
diff --git a/test/results/iec60780-5-104.pcap.out b/test/results/iec60780-5-104.pcap.out
index 44e26ef5d..593d84e8e 100644
--- a/test/results/iec60780-5-104.pcap.out
+++ b/test/results/iec60780-5-104.pcap.out
@@ -59,9 +59,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6425009 bytes
-~~ total memory freed........: 6425009 bytes
-~~ total allocations/frees...: 122638/122638
+~~ total memory allocated....: 6429954 bytes
+~~ total memory freed........: 6429954 bytes
+~~ total allocations/frees...: 122648/122648
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 499 chars
 ~~ json string max len.......: 2238 chars
diff --git a/test/results/imap-starttls.pcap.out b/test/results/imap-starttls.pcap.out
index 3d0ff853c..9b70307b0 100644
--- a/test/results/imap-starttls.pcap.out
+++ b/test/results/imap-starttls.pcap.out
@@ -22,9 +22,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6431070 bytes
-~~ total memory freed........: 6431070 bytes
-~~ total allocations/frees...: 122480/122480
+~~ total memory allocated....: 6435975 bytes
+~~ total memory freed........: 6435975 bytes
+~~ total allocations/frees...: 122490/122490
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 497 chars
 ~~ json string max len.......: 1985 chars
diff --git a/test/results/imap.pcap.out b/test/results/imap.pcap.out
index 81b05a078..e56eb69c3 100644
--- a/test/results/imap.pcap.out
+++ b/test/results/imap.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414779 bytes
-~~ total memory freed........: 6414779 bytes
-~~ total allocations/frees...: 122471/122471
+~~ total memory allocated....: 6419684 bytes
+~~ total memory freed........: 6419684 bytes
+~~ total allocations/frees...: 122481/122481
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2250 chars
diff --git a/test/results/imaps.pcap.out b/test/results/imaps.pcap.out
index e701a7127..ae8f03d3c 100644
--- a/test/results/imaps.pcap.out
+++ b/test/results/imaps.pcap.out
@@ -29,9 +29,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6428173 bytes
-~~ total memory freed........: 6428173 bytes
-~~ total allocations/frees...: 122488/122488
+~~ total memory allocated....: 6433086 bytes
+~~ total memory freed........: 6433086 bytes
+~~ total allocations/frees...: 122498/122498
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 1206 chars
diff --git a/test/results/imo.pcap.out b/test/results/imo.pcap.out
index 95af12362..739d6a63b 100644
--- a/test/results/imo.pcap.out
+++ b/test/results/imo.pcap.out
@@ -27,9 +27,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6416446 bytes
-~~ total memory freed........: 6416446 bytes
-~~ total allocations/frees...: 122547/122547
+~~ total memory allocated....: 6421359 bytes
+~~ total memory freed........: 6421359 bytes
+~~ total allocations/frees...: 122557/122557
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 474 chars
 ~~ json string max len.......: 2178 chars
diff --git a/test/results/instagram.pcap.out b/test/results/instagram.pcap.out
index 1158b3be9..d5be2caaa 100644
--- a/test/results/instagram.pcap.out
+++ b/test/results/instagram.pcap.out
@@ -316,9 +316,9 @@
 ~~ total active/idle flows...: 38/38
 ~~ total timeout flows.......: 5
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6764923 bytes
-~~ total memory freed........: 6764923 bytes
-~~ total allocations/frees...: 126422/126422
+~~ total memory allocated....: 6770124 bytes
+~~ total memory freed........: 6770124 bytes
+~~ total allocations/frees...: 126432/126432
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2455 chars
diff --git a/test/results/ip_fragmented_garbage.pcap.out b/test/results/ip_fragmented_garbage.pcap.out
index dff1ef4a6..2741466e4 100644
--- a/test/results/ip_fragmented_garbage.pcap.out
+++ b/test/results/ip_fragmented_garbage.pcap.out
@@ -157,9 +157,9 @@
 ~~ total active/idle flows...: 29/29
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6462175 bytes
-~~ total memory freed........: 6462175 bytes
-~~ total allocations/frees...: 122744/122744
+~~ total memory allocated....: 6467304 bytes
+~~ total memory freed........: 6467304 bytes
+~~ total allocations/frees...: 122754/122754
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 325 chars
 ~~ json string max len.......: 858 chars
diff --git a/test/results/iphone.pcap.out b/test/results/iphone.pcap.out
index 3b55797d4..5d5a1c024 100644
--- a/test/results/iphone.pcap.out
+++ b/test/results/iphone.pcap.out
@@ -363,9 +363,9 @@
 ~~ total active/idle flows...: 51/51
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6918435 bytes
-~~ total memory freed........: 6918435 bytes
-~~ total allocations/frees...: 123751/123751
+~~ total memory allocated....: 6923750 bytes
+~~ total memory freed........: 6923750 bytes
+~~ total allocations/frees...: 123762/123762
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 3928 chars
diff --git a/test/results/ipp.pcap.out b/test/results/ipp.pcap.out
index e15980f29..d05921a53 100644
--- a/test/results/ipp.pcap.out
+++ b/test/results/ipp.pcap.out
@@ -34,9 +34,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6423586 bytes
-~~ total memory freed........: 6423586 bytes
-~~ total allocations/frees...: 122747/122747
+~~ total memory allocated....: 6428507 bytes
+~~ total memory freed........: 6428507 bytes
+~~ total allocations/frees...: 122757/122757
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2369 chars
diff --git a/test/results/ipsec_isakmp_esp.pcap.out b/test/results/ipsec_isakmp_esp.pcap.out
index 008e9d427..74190188d 100644
--- a/test/results/ipsec_isakmp_esp.pcap.out
+++ b/test/results/ipsec_isakmp_esp.pcap.out
@@ -327,9 +327,9 @@
 ~~ total active/idle flows...: 36/36
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6506122 bytes
-~~ total memory freed........: 6506122 bytes
-~~ total allocations/frees...: 123903/123903
+~~ total memory allocated....: 6511307 bytes
+~~ total memory freed........: 6511307 bytes
+~~ total allocations/frees...: 123913/123913
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 501 chars
 ~~ json string max len.......: 2227 chars
diff --git a/test/results/ipv6_in_gtp.pcap.out b/test/results/ipv6_in_gtp.pcap.out
index 5e70b136b..ccfc3a71f 100644
--- a/test/results/ipv6_in_gtp.pcap.out
+++ b/test/results/ipv6_in_gtp.pcap.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6409946 bytes
-~~ total memory freed........: 6409946 bytes
-~~ total allocations/frees...: 122425/122425
+~~ total memory allocated....: 6414843 bytes
+~~ total memory freed........: 6414843 bytes
+~~ total allocations/frees...: 122435/122435
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 296 chars
 ~~ json string max len.......: 561 chars
diff --git a/test/results/irc.pcap.out b/test/results/irc.pcap.out
index cca72a746..4c3054699 100644
--- a/test/results/irc.pcap.out
+++ b/test/results/irc.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414662 bytes
-~~ total memory freed........: 6414662 bytes
-~~ total allocations/frees...: 122467/122467
+~~ total memory allocated....: 6419567 bytes
+~~ total memory freed........: 6419567 bytes
+~~ total allocations/frees...: 122477/122477
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 1182 chars
diff --git a/test/results/ja3_lots_of_cipher_suites.pcap.out b/test/results/ja3_lots_of_cipher_suites.pcap.out
index 49ec22943..768444abf 100644
--- a/test/results/ja3_lots_of_cipher_suites.pcap.out
+++ b/test/results/ja3_lots_of_cipher_suites.pcap.out
@@ -31,9 +31,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6409946 bytes
-~~ total memory freed........: 6409946 bytes
-~~ total allocations/frees...: 122425/122425
+~~ total memory allocated....: 6414843 bytes
+~~ total memory freed........: 6414843 bytes
+~~ total allocations/frees...: 122435/122435
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 310 chars
 ~~ json string max len.......: 2322 chars
diff --git a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
index 328ddee62..e626166f6 100644
--- a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
+++ b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
@@ -43,9 +43,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412529 bytes
-~~ total memory freed........: 6412529 bytes
-~~ total allocations/frees...: 122463/122463
+~~ total memory allocated....: 6417434 bytes
+~~ total memory freed........: 6417434 bytes
+~~ total allocations/frees...: 122473/122473
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 363 chars
 ~~ json string max len.......: 1910 chars
diff --git a/test/results/jabber.pcap.out b/test/results/jabber.pcap.out
index f92f1a2be..5b41897fc 100644
--- a/test/results/jabber.pcap.out
+++ b/test/results/jabber.pcap.out
@@ -116,9 +116,9 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6466504 bytes
-~~ total memory freed........: 6466504 bytes
-~~ total allocations/frees...: 122927/122927
+~~ total memory allocated....: 6471497 bytes
+~~ total memory freed........: 6471497 bytes
+~~ total allocations/frees...: 122937/122937
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2168 chars
diff --git a/test/results/kerberos-error.pcap.out b/test/results/kerberos-error.pcap.out
index 3e14ea196..2fb62f62d 100644
--- a/test/results/kerberos-error.pcap.out
+++ b/test/results/kerberos-error.pcap.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411804 bytes
-~~ total memory freed........: 6411804 bytes
-~~ total allocations/frees...: 122438/122438
+~~ total memory allocated....: 6416709 bytes
+~~ total memory freed........: 6416709 bytes
+~~ total allocations/frees...: 122448/122448
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 499 chars
 ~~ json string max len.......: 1006 chars
diff --git a/test/results/kerberos-login.pcap.out b/test/results/kerberos-login.pcap.out
index f073a543c..b630d9482 100644
--- a/test/results/kerberos-login.pcap.out
+++ b/test/results/kerberos-login.pcap.out
@@ -86,9 +86,9 @@
 ~~ total active/idle flows...: 13/13
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6434505 bytes
-~~ total memory freed........: 6434505 bytes
-~~ total allocations/frees...: 122608/122608
+~~ total memory allocated....: 6439506 bytes
+~~ total memory freed........: 6439506 bytes
+~~ total allocations/frees...: 122618/122618
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 499 chars
 ~~ json string max len.......: 2161 chars
diff --git a/test/results/kerberos.pcap.out b/test/results/kerberos.pcap.out
index 86368622f..59f53f86d 100644
--- a/test/results/kerberos.pcap.out
+++ b/test/results/kerberos.pcap.out
@@ -196,9 +196,9 @@
 ~~ total active/idle flows...: 36/36
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6528179 bytes
-~~ total memory freed........: 6528179 bytes
-~~ total allocations/frees...: 122923/122923
+~~ total memory allocated....: 6533364 bytes
+~~ total memory freed........: 6533364 bytes
+~~ total allocations/frees...: 122933/122933
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2461 chars
diff --git a/test/results/kerberos_fuzz.pcapng.out b/test/results/kerberos_fuzz.pcapng.out
index f8d2457c8..4607cc018 100644
--- a/test/results/kerberos_fuzz.pcapng.out
+++ b/test/results/kerberos_fuzz.pcapng.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411747 bytes
-~~ total memory freed........: 6411747 bytes
-~~ total allocations/frees...: 122436/122436
+~~ total memory allocated....: 6416652 bytes
+~~ total memory freed........: 6416652 bytes
+~~ total allocations/frees...: 122446/122446
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 1023 chars
diff --git a/test/results/kismet.pcap.out b/test/results/kismet.pcap.out
index 0ba510824..1b72be2f1 100644
--- a/test/results/kismet.pcap.out
+++ b/test/results/kismet.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414809 bytes
-~~ total memory freed........: 6414809 bytes
-~~ total allocations/frees...: 122472/122472
+~~ total memory allocated....: 6419714 bytes
+~~ total memory freed........: 6419714 bytes
+~~ total allocations/frees...: 122482/122482
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2218 chars
diff --git a/test/results/kontiki.pcap.out b/test/results/kontiki.pcap.out
index 444691aa7..6cb14b911 100644
--- a/test/results/kontiki.pcap.out
+++ b/test/results/kontiki.pcap.out
@@ -29,34 +29,34 @@
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1213662198894411,"flow_dst_last_pkt_time":1213662198289578,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1213662198894411,"pkt":"AAAMB6wIABVYKKDoCABFAAAwD6cAACARi6QKGSA7QMiUVk3sIrgAHHRlAgUCAAiZs8I60hgfAAAE5AIEAQA="}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1213662198894411,"flow_dst_last_pkt_time":1213662198897316,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662198897316,"pkt":"ABVYKKDoANAreRD8CABFAAA4AABAADQRR0NAyJRWChkgOyK4TewAJN4CAgcGAAiZs8IXSyN2LCctBTrSGB8AAATkAQQAYw=="}
 02296{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":41,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1213662198289578,"flow_src_last_pkt_time":1213662198988100,"flow_dst_last_pkt_time":1213662198992190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1241,"flow_src_tot_l4_payload_len":591,"flow_dst_tot_l4_payload_len":24254,"midstream":0,"thread_ts_usec":1213662198992190,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":45197.9,"max":607738,"stddev":118031.4,"var":13931400192.0,"ent":2.6,"data": [198615,212422,193796,607738,3074,5780,31191,29960,8831,9093,72,244,17,19380,18261,96,127,127,114,15289,14893,16,235,114,13,97,15924,15357,18,115,125]},"pktlen": {"min":32,"avg":804.4,"max":1269,"stddev":568.0,"var":322604.6,"ent":4.5,"data": [32,32,32,48,56,245,499,232,204,118,1269,1269,1269,1269,44,1269,1269,1269,1269,1269,44,1269,1269,1269,1269,1269,1269,44,1269,1269,1269,1269]},"bins": {"c_to_s": [7,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,1,0,1,0,1,1,1,1,0,1,1,1,1,1,0,1,1,1,1,1,1,0,1,1,1,1],"entropies": [4.327819824,4.390319824,4.390319824,4.808207035,5.107008457,6.254767418,7.256530285,7.013645172,6.874151707,6.231850147,7.871051788,7.843012333,7.837141991,7.838663578,4.925117970,7.837912083,7.840578079,7.843400478,7.848168850,7.821814060,4.879663467,7.851324558,7.825254917,7.844458103,7.841213703,7.862925529,7.835451603,4.925117970,7.832023621,7.834714890,7.855443478,7.864355564]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1213662200284689,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1213662200284689,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEAgAACARi0EKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="}
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1213662200285056,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662200285056,"pkt":"ABVYKKDoANABJAf8CABFAAA4wRIAAP8BpkIKGSADChkgOwMN8aAAAAAARQAAMBAIAAAfEYxBChkgO0DIlFhN7ABQABy8+Q=="}
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2709,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1213662202284851,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1213662202284851,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEJ8AACARiqoKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="}
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2710,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1213662202285330,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662202285330,"pkt":"ABVYKKDoANABJAf8CABFAAA4wVoAAP8BpfoKGSADChkgOwMN8aAAAAAARQAAMBCfAAAfEYuqChkgO0DIlFhN7ABQABy8+Q=="}
-00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3288,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1213662202883098,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1213662202883098,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEMgAACARioEKGSA7QMiUWE3sAFAAHNT4AgUKAE9LWIs\/euHOAAAE5AIEAQA="}
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1213662202883546,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662202883546,"pkt":"ABVYKKDoANABJAf8CABFAAA4wXYAAP8Bpd4KGSADChkgOwMN2aEAAAAARQAAMBDIAAAfEYuBChkgO0DIlFhN7ABQABzU+A=="}
-00912{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198701406,"flow_src_last_pkt_time":1213662198701406,"flow_dst_last_pkt_time":1213662198701406,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00915{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198488630,"flow_src_last_pkt_time":1213662198488630,"flow_dst_last_pkt_time":1213662198488630,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":261,"flow_dst_packets_processed":3013,"flow_first_seen":1213662198289578,"flow_src_last_pkt_time":1213662202879390,"flow_dst_last_pkt_time":1213662202882191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1241,"flow_src_tot_l4_payload_len":6335,"flow_dst_tot_l4_payload_len":3708231,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
-00911{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298679,"flow_src_last_pkt_time":1213662202883546,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00912{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198289778,"flow_src_last_pkt_time":1213662198289778,"flow_dst_last_pkt_time":1213662198289778,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00851{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662195077813,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":991,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":991,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":991,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
-00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662195077813,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":991,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":991,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":991,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00851{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
-00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298123,"flow_src_last_pkt_time":1213662202883098,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
-00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","packets-captured":3289,"packets-processed":3289,"total-skipped-flows":0,"total-l4-payload-len":3716430,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1213662202883546}
+00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1213662200284689,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1213662200284689,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEAgAACARi0EKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="}
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1213662200285056,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662200285056,"pkt":"ABVYKKDoANABJAf8CABFAAA4wRIAAP8BpkIKGSADChkgOwMN8aAAAAAARQAAMBAIAAAfEYxBChkgO0DIlFhN7ABQABy8+Q=="}
+00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1213662202284851,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1213662202284851,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEJ8AACARiqoKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="}
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1213662202285330,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662202285330,"pkt":"ABVYKKDoANABJAf8CABFAAA4wVoAAP8BpfoKGSADChkgOwMN8aAAAAAARQAAMBCfAAAfEYuqChkgO0DIlFhN7ABQABy8+Q=="}
+00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1213662202883098,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1213662202883098,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEMgAACARioEKGSA7QMiUWE3sAFAAHNT4AgUKAE9LWIs\/euHOAAAE5AIEAQA="}
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1213662202883546,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1213662202883546,"pkt":"ABVYKKDoANABJAf8CABFAAA4wXYAAP8Bpd4KGSADChkgOwMN2aEAAAAARQAAMBDIAAAfEYuBChkgO0DIlFhN7ABQABzU+A=="}
+00910{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198701406,"flow_src_last_pkt_time":1213662198701406,"flow_dst_last_pkt_time":1213662198701406,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00913{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198488630,"flow_src_last_pkt_time":1213662198488630,"flow_dst_last_pkt_time":1213662198488630,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":29,"flow_first_seen":1213662198289578,"flow_src_last_pkt_time":1213662199003396,"flow_dst_last_pkt_time":1213662199007691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1241,"flow_src_tot_l4_payload_len":607,"flow_dst_tot_l4_payload_len":32941,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
+00909{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298679,"flow_src_last_pkt_time":1213662202883546,"flow_dst_last_pkt_time":1213662198298679,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00910{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198289778,"flow_src_last_pkt_time":1213662198289778,"flow_dst_last_pkt_time":1213662198289778,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00849{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662195077813,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":991,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":991,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":991,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00762{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662195077813,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":991,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":991,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":991,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00849{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00762{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298123,"flow_src_last_pkt_time":1213662202883098,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
+00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"kontiki.pcap","alias":"nDPId-test","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":35412,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1213662202883546}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 3289/3289
+~~ packets captured/processed: 55/55
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 3716430 bytes
+~~ total layer4 data length..: 35412 bytes
 ~~ total detected protocols..: 6
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6519699 bytes
-~~ total memory freed........: 6519699 bytes
-~~ total allocations/frees...: 125801/125801
+~~ total memory allocated....: 6430874 bytes
+~~ total memory freed........: 6430874 bytes
+~~ total allocations/frees...: 122577/122577
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 482 chars
 ~~ json string max len.......: 2301 chars
diff --git a/test/results/line.pcap.out b/test/results/line.pcap.out
index dc51339b2..69fabec52 100644
--- a/test/results/line.pcap.out
+++ b/test/results/line.pcap.out
@@ -36,31 +36,30 @@
 01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"line.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1663913345289083,"flow_dst_last_pkt_time":1663913345239687,"flow_idle_time":200000000,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1663913345289083,"pkt":"iJCNB9vohKk4ukxYCABFAAI5QEwAAIARAAAKyAN9k1ypWsfZcY4CJU0y0hkDgkoH4fXjR78UbBk55bC11tKoet8mWsuofGTVg3BDDueInFq4I2GHIgjJ4u0feEmKlgylyNuTHlxQZc4kH2D\/VY\/VmE46hmqP2oVMjLDXdADwzICO2nyNfpPRWjFRBRR8I4\/VTiJc59XSw6xVKVl+Kltfh2iUVOzTJPxnbYbotdp6D+wgeMUI3WneAvmGtJnJWORgIjgJlaz2ZOanLkN+pFe+jFVSIRwZLIUs8ybS8fHsA85ykwXp0TNJKmBf2pX0EtwanAoUKSCQ6Okumir6819kZMt14QUNfNQanyhsc0WgwnyrobrwZlS1Ic1rX8xoH2MMZGSbt7hIKlWQtuwURlDeoYU9N33anPoFEN5C61vANKW3yqCivFfa5WYFTLqTN9loxIWnygng6F44dvfWKkGIxM6TNZOy84AqtXHeXHpKtnN4rkKnxizdaZyH4BDvwahiJKQQ+0MrdjJanZ2FovMNYlTt3pByQRjjsTlwBRrkhBVGbH10clpFK3srMAWg5I8D9ngdbhTIden3xe\/sKWF1GJnLBrQml3xeBJ4ertZhyVIrr4QiXwfHFFfVpBvoGK8v+HpMYZJLms5ZvEgtsEGGSyKy8odQX4opkjNoALJOy\/CyMc9Xjvc0WqtaILNMHn6Kl9AAcyq6PssvKqRJv5HOvA8GUrutq9Atzc6rjH5SKtx4+gDL7sOUAzCBL\/Bxs9kACdnOsqjuzw=="}
 00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":4,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345289714,"flow_dst_last_pkt_time":1663913345324006,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":9673,"flow_dst_tot_l4_payload_len":1845,"midstream":0,"thread_ts_usec":1663913345324006,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 02099{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":160,"source":"line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345289714,"flow_dst_last_pkt_time":1663913345324209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":9673,"flow_dst_tot_l4_payload_len":6723,"midstream":0,"thread_ts_usec":1663913345324209,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15678.7,"max":225047,"stddev":51123.4,"var":2613605376.0,"ent":1.5,"data": [175745,225047,59,35,38,31,59,34,37,32,38,31,36,30,43,29,35,45,113,84319,0,0,0,0,0,0,155,0,0,0,48]},"pktlen": {"min":59,"avg":540.4,"max":881,"stddev":131.0,"var":17170.0,"ent":4.9,"data": [881,419,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,59,161,398,570,570,570,570,570,570,570,570,570,570,570]},"bins": {"c_to_s": [1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [7.761873245,7.165147781,7.605986118,7.625072002,7.581394672,7.661452770,7.659568310,7.627281189,7.538283348,7.648130894,7.648977280,7.646443367,7.577320099,7.610880852,7.662839413,7.594055176,7.592848778,7.662833691,5.346174717,6.693209171,7.482118607,7.644935131,7.664292812,7.595146656,7.643230438,7.594839096,7.698119640,7.644002914,7.648988724,7.686812401,7.668937206,7.563340664]},"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4945,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367738267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913367738267,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4945,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367738267,"flow_idle_time":200000000,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1663913367738267,"pkt":"wurksClYhKk4ukxYCABFAAC8Sc8AAIARAAAKyAN9k1ypWsficY4AqEu12JwAcgYC51R82\/sdO99W+wDF9jRfrb04AvdMqXgb50wZvLLuXlSCkyWjcTUi\/cKTsgFGYmcKIB96AAAAGFLc1BqRYT1Dm7zdTADjC6LfWNOY+ZEwbJI1TuqdH\/4lX1PnX5ypdPBspPInQ5c4Diw4J3pBlZs8ubDt+Nn49oFw4dOAHrwEcHe9mQwlyS\/LIDR3HXQdhB1FkyUfjGy7C74gwQ=="}
-00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4955,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367772993,"flow_idle_time":200000000,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1663913367772993,"pkt":"hKk4ukxYwurksClYCABFAADwQZFAADERvHCTXKlaCsgDfXGOx+IA3NB52NACCQYCBIgnUgi+cJpIHzo0pKH2Mof4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGIbR7dsF\/FEeXuqKNGZ6qn8qjIIpdAkiMwr6nheNdCGmi1kXcmtFF2hM1QUfM6lbpEMI9gRcmiQNtvZ1OzmocB7uYLA5SaOJtlKIZY26U6n3DvHUf4bSurhdRlpuxDXW+UPFw\/GeWj27d2MEWlMpnePK7wBoWt9TAqxwnCv80psjYFsdMpXp1k68dUPN\/RygINo0Ogit4C8="}
-00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5578,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1663913369776646,"flow_dst_last_pkt_time":1663913367772993,"flow_idle_time":200000000,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1663913369776646,"pkt":"wurksClYhKk4ukxYCABFAACgSvMAAIARAAAKyAN9k1ypWsficY4AjEuZ0IAAcxhuz\/CknxAHtn8nVIbxa5FdzvAXUDYRrC1vYGBs6gl2kDv+IDfonNzdmBmoe1ShAHocyanQTqCjjGpx7UoS9VROkFCk9NWJIOfeGjaMAKvNsC88xDjwB9Vf\/kaqamTnUDt+e8vVH\/mBL1fPG5HkHujr+Y+mBI6BFFwwBw4z1XDu"}
-00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5587,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1663913369776646,"flow_dst_last_pkt_time":1663913369810719,"flow_idle_time":200000000,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1663913369810719,"pkt":"hKk4ukxYwurksClYCABFAAC4R8BAADERtnmTXKlaCsgDfXGOx+IApJqp0JgCChiGWLDhCymPOiA7GOihUKqK90TkrcqFwullJAEV2oADnWihdbyc6q\/nasDV+Dh7A70pIhdCEfNArR1c\/WhebhyTFFePqAFlbq1OzARGumdiSRhxlNcCjkr6Q2K08GtRKaw\/NnxYXqK5UjlCvzZGM4WI18t7ZD6sNk4z6FH7+I3LIDMZGWElUUwTstmPxEW8Fmp9UpUHCUfq"}
-00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6210,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1663913371776534,"flow_dst_last_pkt_time":1663913369810719,"flow_idle_time":200000000,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1663913371776534,"pkt":"wurksClYhKk4ukxYCABFAACgTAsAAIARAAAKyAN9k1ypWsficY4AjEuZ0IAAdBhu88EWWQL4L1LbfqJDYnRGb01n1sKe0lvHVBBVqL892BxEkY41O\/gD87wC+rkYULF+KivffNKDYpmu8Lr2YTMKuqmgFw81LNTiXLlSmUStTYkycWllbdexMt40BG5jgNMIyhppdjzjK900bA0+E\/u\/TLw5WKXLjH9MQPIR88Dz"}
-00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6978,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913373776892,"flow_dst_last_pkt_time":1663913373811116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":1663913373811116,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":15161,"source":"line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7014,"flow_dst_packets_processed":8001,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913394134559,"flow_dst_last_pkt_time":1663913394126239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1056,"flow_dst_max_l4_payload_len":1044,"flow_src_tot_l4_payload_len":5759547,"flow_dst_tot_l4_payload_len":5848835,"midstream":0,"thread_ts_usec":1663913394134559,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00955{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24186,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913414134632,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24574,"source":"line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":41,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913418926686,"flow_dst_last_pkt_time":1663913418885464,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3138,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":4954,"flow_dst_tot_l4_payload_len":2495,"midstream":1,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01093{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24574,"source":"line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":21,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913402819217,"flow_dst_last_pkt_time":1663913403056559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4223,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24574,"source":"line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11410,"flow_dst_packets_processed":12995,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913415094687,"flow_dst_last_pkt_time":1663913415128660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1056,"flow_dst_max_l4_payload_len":1054,"flow_src_tot_l4_payload_len":9457705,"flow_dst_tot_l4_payload_len":9794243,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24574,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24574,"source":"line.pcap","alias":"nDPId-test","packets-captured":24574,"packets-processed":24574,"total-skipped-flows":0,"total-l4-payload-len":19275463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":2,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1663913418926686}
+00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367738267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913367738267,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367738267,"flow_idle_time":200000000,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1663913367738267,"pkt":"wurksClYhKk4ukxYCABFAAC8Sc8AAIARAAAKyAN9k1ypWsficY4AqEu12JwAcgYC51R82\/sdO99W+wDF9jRfrb04AvdMqXgb50wZvLLuXlSCkyWjcTUi\/cKTsgFGYmcKIB96AAAAGFLc1BqRYT1Dm7zdTADjC6LfWNOY+ZEwbJI1TuqdH\/4lX1PnX5ypdPBspPInQ5c4Diw4J3pBlZs8ubDt+Nn49oFw4dOAHrwEcHe9mQwlyS\/LIDR3HXQdhB1FkyUfjGy7C74gwQ=="}
+00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367772993,"flow_idle_time":200000000,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1663913367772993,"pkt":"hKk4ukxYwurksClYCABFAADwQZFAADERvHCTXKlaCsgDfXGOx+IA3NB52NACCQYCBIgnUgi+cJpIHzo0pKH2Mof4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGIbR7dsF\/FEeXuqKNGZ6qn8qjIIpdAkiMwr6nheNdCGmi1kXcmtFF2hM1QUfM6lbpEMI9gRcmiQNtvZ1OzmocB7uYLA5SaOJtlKIZY26U6n3DvHUf4bSurhdRlpuxDXW+UPFw\/GeWj27d2MEWlMpnePK7wBoWt9TAqxwnCv80psjYFsdMpXp1k68dUPN\/RygINo0Ogit4C8="}
+00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1663913369776646,"flow_dst_last_pkt_time":1663913367772993,"flow_idle_time":200000000,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1663913369776646,"pkt":"wurksClYhKk4ukxYCABFAACgSvMAAIARAAAKyAN9k1ypWsficY4AjEuZ0IAAcxhuz\/CknxAHtn8nVIbxa5FdzvAXUDYRrC1vYGBs6gl2kDv+IDfonNzdmBmoe1ShAHocyanQTqCjjGpx7UoS9VROkFCk9NWJIOfeGjaMAKvNsC88xDjwB9Vf\/kaqamTnUDt+e8vVH\/mBL1fPG5HkHujr+Y+mBI6BFFwwBw4z1XDu"}
+00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1663913369776646,"flow_dst_last_pkt_time":1663913369810719,"flow_idle_time":200000000,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1663913369810719,"pkt":"hKk4ukxYwurksClYCABFAAC4R8BAADERtnmTXKlaCsgDfXGOx+IApJqp0JgCChiGWLDhCymPOiA7GOihUKqK90TkrcqFwullJAEV2oADnWihdbyc6q\/nasDV+Dh7A70pIhdCEfNArR1c\/WhebhyTFFePqAFlbq1OzARGumdiSRhxlNcCjkr6Q2K08GtRKaw\/NnxYXqK5UjlCvzZGM4WI18t7ZD6sNk4z6FH7+I3LIDMZGWElUUwTstmPxEW8Fmp9UpUHCUfq"}
+00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1663913371776534,"flow_dst_last_pkt_time":1663913369810719,"flow_idle_time":200000000,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1663913371776534,"pkt":"wurksClYhKk4ukxYCABFAACgTAsAAIARAAAKyAN9k1ypWsficY4AjEuZ0IAAdBhu88EWWQL4L1LbfqJDYnRGb01n1sKe0lvHVBBVqL892BxEkY41O\/gD87wC+rkYULF+KivffNKDYpmu8Lr2YTMKuqmgFw81LNTiXLlSmUStTYkycWllbdexMt40BG5jgNMIyhppdjzjK900bA0+E\/u\/TLw5WKXLjH9MQPIR88Dz"}
+00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913373776892,"flow_dst_last_pkt_time":1663913373811116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":1663913373811116,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00958{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":269,"source":"line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913403056559,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":41,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913418926686,"flow_dst_last_pkt_time":1663913418885464,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3138,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":4954,"flow_dst_tot_l4_payload_len":2495,"midstream":1,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01091{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":290,"source":"line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":21,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913402819217,"flow_dst_last_pkt_time":1663913403056559,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4223,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"line.pcap","alias":"nDPId-test","packets-captured":290,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663913418926686}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 24574/24574
+~~ packets captured/processed: 290/290
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 19275463 bytes
+~~ total layer4 data length..: 49504 bytes
 ~~ total detected protocols..: 5
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7146029 bytes
-~~ total memory freed........: 7146029 bytes
-~~ total allocations/frees...: 147066/147066
+~~ total memory allocated....: 6446730 bytes
+~~ total memory freed........: 6446730 bytes
+~~ total allocations/frees...: 122792/122792
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2313 chars
diff --git a/test/results/lisp_registration.pcap.out b/test/results/lisp_registration.pcap.out
index bc5b1c4df..a83a710cd 100644
--- a/test/results/lisp_registration.pcap.out
+++ b/test/results/lisp_registration.pcap.out
@@ -41,9 +41,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422112 bytes
-~~ total memory freed........: 6422112 bytes
-~~ total allocations/frees...: 122501/122501
+~~ total memory allocated....: 6427041 bytes
+~~ total memory freed........: 6427041 bytes
+~~ total allocations/frees...: 122511/122511
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 502 chars
 ~~ json string max len.......: 1398 chars
diff --git a/test/results/log4j-webapp-exploit.pcap.out b/test/results/log4j-webapp-exploit.pcap.out
index fee27e8e9..b29b39bbe 100644
--- a/test/results/log4j-webapp-exploit.pcap.out
+++ b/test/results/log4j-webapp-exploit.pcap.out
@@ -73,9 +73,9 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6441400 bytes
-~~ total memory freed........: 6441400 bytes
-~~ total allocations/frees...: 122947/122947
+~~ total memory allocated....: 6446409 bytes
+~~ total memory freed........: 6446409 bytes
+~~ total allocations/frees...: 122959/122959
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 304 chars
 ~~ json string max len.......: 1913 chars
diff --git a/test/results/long_tls_certificate.pcap.out b/test/results/long_tls_certificate.pcap.out
index 684242ad7..9c28ebad9 100644
--- a/test/results/long_tls_certificate.pcap.out
+++ b/test/results/long_tls_certificate.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6812428 bytes
-~~ total memory freed........: 6812428 bytes
-~~ total allocations/frees...: 122678/122678
+~~ total memory allocated....: 6817333 bytes
+~~ total memory freed........: 6817333 bytes
+~~ total allocations/frees...: 122688/122688
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 505 chars
 ~~ json string max len.......: 5358 chars
diff --git a/test/results/lru_ipv6_caches.pcapng.out b/test/results/lru_ipv6_caches.pcapng.out
new file mode 100644
index 000000000..edcc6faf3
--- /dev/null
+++ b/test/results/lru_ipv6_caches.pcapng.out
@@ -0,0 +1,98 @@
+00497{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052947835473}
+00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="}
+00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639052948274471,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948274471,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAADoRNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgA67jSAyQABc057KPtqh0GuGNqHQpVdUH9DbV7N1xxXOtXJtJqdGPOAAAAGtXeTrpTWaBsieQ=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639052948289476,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052948289476,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAecUyAyQABc057KIAAAAeHMLnCpIkbax7n"}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052948289476,"flow_dst_last_pkt_time":1639052948301493,"flow_idle_time":200000000,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948301493,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6RJGAyQABkTlfEc51q66FXyPDwam3nbBa6WicqgKI89C6hGhWlhyAAAAFFpuu1SLHCT7WvA=="}
+01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052948665588,"flow_dst_last_pkt_time":1639052948452760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":356,"midstream":0,"thread_ts_usec":1639052948665588,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}}
+00818{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948897167,"flow_src_last_pkt_time":1639052948897167,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948897167,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27","src_port":6881,"dst_port":60506,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639052948897167,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052948897167,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAcMekhAKzS+CpD0rrw8PwAEAAA1ElsQg=="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1639052948898635,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052948898635,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAcMDchAKzS+CpIPbrw7kIAEAAA1ElsQw=="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1639052949314245,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052949314245,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAc2C8hAKzS+DCgmLrw7eYAEAAA1ElsRQ=="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1639052949726707,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052949726707,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAciKUhAKzS+Dby0rrw6y8AEAAA1ElsRg=="}
+00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950309556,"flow_src_last_pkt_time":1639052950309556,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052950309556,"l3_proto":"ip6","src_ip":"2a2f:8509:1cb2:466d:ecbf:69d6:109c:608","dst_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","src_port":62229,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639052950309556,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_usec":1639052950309556,"pkt":"AAAAAAAAAAQAC1O2ht1gD4GkACIRLyovhQkcskZt7L9p1hCcBgg5kQctM25l7MW\/pfqDrSPe8xUa4QAiuZUBAO\/LwNkaKsifYvoAEAAAXBJdZgAABjkUAQ=="}
+01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639052950315672,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"pkt_caplen":610,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":610,"pkt_l4_len":556,"thread_ts_usec":1639052950315672,"pkt":"AAAAAAAAAAQAC1O2ht1gD4GkAiwRLyovhQkcskZt7L9p1hCcBgg5kQctM25l7MW\/pfqDrSPe8xUa4QIsPEQBAO\/LwNkrxcifYvoAEAAAXBNdZmQ1OmFkZGVkMjY0Olt6GN4a4XJPFwwa4XJPNqIa4U3bBrD5J03bBa5eyS6kkX4iw03bAmvTm03bAzlkM8XSCKYtOJwA1jZOanJPJcAa4XJPFTMa4ZwA1TIFYXJPFUEa4ZwA1hZXanJPJcka4XJPN0Ea4WZEMl4a4cXSL7wa4U3bDTCPpHJPFdUAAXJPN+0a4XJPFyga4XJPJdEa4XGUfbweYXJPF7Ya4Y3tzXEa4SmKW7oa4bBE6PXP7JwA1TxbWV+emWoa4cXSQPY8dMXSQRCj+MpZSa4gYymKWfIyf8XSQYIa4V9GW8Qa4b5PQUlL38XSHRIa4U3bBdKokE3bBl7c5MjXtQka4cXSL7rTQCUDXkNEsjc6YWRkZWQuZjQ0OhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAABgAAAAAAAgaAAAAAAAANjphZGRlZDY0MzI6JAWYALUQiNdQlRmDQPuzOOrkJANiAIhBA8Zxm8HewmfRLhrhKAQaPD6RyQD5+e0X8PMLDRrhKAOYAJCNic\/kobfhWSrVRRrhKgPsALFGLQiQ0rJMasWLJxrhKgPsALFVX7GkySnULDWtYQABKgPsALGDFNcE+jM\/aJRmIRrhKgPsALGMATOw4X7j0+0AAxrhKgPsALl9ntIgYIosLw+Q8RrhKgPsALGLG4DBNAlI4GnXHwABKgPsAA=="}
+00820{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052950545675,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052950545675,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1639052950545675,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052950545675,"pkt":"AAAAAAAAAAgAVrKUht1gDngoAHARPzmRBy0zbmXsxb+l+oOtI94v2h+KwQeIpOUJ0uFEX\/NMGuEa4QBwlhdkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxX8VkubhLb4bEqLlkIOyJcOUNlMTpxOTpnZXRfcGVlcnMxOnQyOnRFMTp2NDpMVAECMTp5MTpxZQ=="}
+01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052950545675,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052950545675,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}}
+00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052950583119,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052950583119,"pkt":"AAAAAAAAAAgAVrKUht1gAdfJAHARPzmRBy0zbmXsxb+l+oOtI94sf9egRKlJ6eWG+39bhZyDGuEAAQBwpipkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VwDWNsjaMkiDHcKmOO7g\/XbXJhlMTpxOTpnZXRfcGVlcnMxOnQyOlMzMTp2NDpMVAECMTp5MTpxZQ=="}
+01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1639052950737932,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"pkt_caplen":610,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":610,"pkt_l4_len":556,"thread_ts_usec":1639052950737932,"pkt":"AAAAAAAAAAQAC1O2ht1gD4GkAiwRLyovhQkcskZt7L9p1hCcBgg5kQctM25l7MW\/pfqDrSPe8xUa4QIsgIEBAO\/LwN+LSsifX1YAEAAAXBRdZrmjKql8pxLTwtgC3wABKgPsALmjOmYkMZq5vlzkRBrhKgPsALGlIxIQwxYNdIMcJRrhIAFEVQRNbwAAAAAAAAAAARrhKAQNQeBOQQCcCWtW2g3p0xrhJAmKMAGSIKAAJEcQZZTkzRrhKAQBTRSFgKXsCXPJ8t\/t0BrhJAJAACCAJn0lJdoyVKC02RrhJAmKMAGSIKABAowTtx2Z\/xrhKgPsALFHRmq0kvb8O5gcGhrhKAQH8LHAqrrtV+a7hK777BrhJAQAwIQRCU20IiGX0FJ9DxrhKgPsALGHCtRNvIdV3hcH8xrhJALigCE5AGsF1y+9GcXXOBrhODphZGRlZDYuZjI0OhgaGhoAAAAAAAAAAAAaGhgYGggAGAAAGDc6ZHJvcHBlZDMwMDolA14zRKopilndXiMpilpYLtop+IDsGuEqlgEaMthNKFAHGuFN2wLj9rpN2wYlVTxN2wy2WrlN2wzupylN2w3QCt1N2w37DTdVXvArGuFVrsilDI9qa5NYJzRyTxb9GuFyTyWlGuFyTzceGuFyTzdHGuFyTzeNGuFyTzeUGuGcANQSGuGcANQWOOacANQdGuGcANUDGuGcANYRGuGwNdRuBgSyz75mGuG1gY4CGuG5DXCeCSfF0gg6GuHF0ghJGuHF0hxaT7\/F0hy9j+nF0hzOAAHF0h0EC6vF0i8DErXF0i8ZDbbF0g=="}
+01255{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1639052950737932,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"pkt_caplen":610,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":610,"pkt_l4_len":556,"thread_ts_usec":1639052950737932,"pkt":"AAAAAAAAAAQAC1O2ht1gD4GkAiwRLyovhQkcskZt7L9p1hCcBgg5kQctM25l7MW\/pfqDrSPe8xUa4QIs+v4BAO\/LwN+MDcifX1YAEAAAXBVdZi\/V2y3F0i\/gGuHF0kBGGuHF0kDiGuHF0kFlrr\/F0kGGGuHF0kGlUlDF0kHNB+7F0kHoXwHF0kHs2H\/I17UBGuHUXXqZGuE4OmRyb3BwZWQ2NDUwOiABBxgABwIEZcdtGPiejOga4SABRFER3pwAIJ6pxVllU3Ea4SQEAMCEEAay+ca3SimFiVcAASQEAMCEEEQLtCIhl9BSfQ8a4SQEAMCEESK9EP3Rl8Q0ALQa4SQEAMCEESK9tCIhl9BSfQ8a4SQJimIEicMAbKmgRMkqff0a4SYAbFhOf28zAAAAAAAAF3Ea4SYFogCVALspGek\/Xi35jv8a4SgAAEAANxn7ZHlYzG5oPMYa4SgEAU1M0YqqAhyz\/\/50+vYa4SgEDUG\/HW0AVFhkdrZ+ftQa4SgEFFyETAAAiatQfV2Vbk0a4SoD7ACxghkcDGWqGhivX2sAASoD7ACxghkcpK1UO7U\/SOga4SoD7ACxgxTXvYdxG04A6z0a4SoD7ACxhgG68A3JgJPtC3Qa4SoD7ACxhiZNgbIwZSMmHFYa4SoD7ACxhzqaGGYVTl+foEwAASoD7ACxijPImdiKdGh3xIIa4SoD7ACxjwkRCKsdudTdrRga4SoD7ACxkDqEkGAXfkr1QLgAASoD7ACxkRiYpQNcDvEFsIIa4SoD7ACxlgU0GCe3Tmg4KLDSNSoD7ACxpDY4AEJfkg=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1639052951148900,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1639052951148900,"pkt":"AAAAAAAAAAQAC1O2ht1gD4GkACMRLyovhQkcskZt7L9p1hCcBgg5kQctM25l7MW\/pfqDrSPe8xUa4QAj2c4BAO\/LwOXno8ifSXsAEAAAXBZdZg72txwa4WU="}
+00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052951219984,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052951219984,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1639052951219984,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052951219984,"pkt":"AAAAAAAAAAgAVrKUht1gDr4pAHARPzmRBy0zbmXsxb+l+oOtI944ska3J6SUw8E0CUjgadcfGuEAAQBw4FxkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VwBHqHGiWSoFxPVm8S45ot6GsxlMTpxOTpnZXRfcGVlcnMxOnQyOmr7MTp2NDpMVAECMTp5MTpxZQ=="}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1639052952496260,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_usec":1639052952496260,"pkt":"AAAAAAAAAAgAVrKUht1gCDfFACIRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAioDQBAKzS+GDlrbrw6y8AEAAA1ElsRgAAAV8UAQ=="}
+00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052959035612,"pkt":"AAAAAAAAAAgAVrKUht1gCe0yAHARPzmRBy0zbmXsxb+l+oOtI94v2h+KwQeIpOUJ0uFEX\/NMGuEa4QBw7ZJkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxdggPDJDvaNdNt\/L2j+bkuqMllMTpxOTpnZXRfcGVlcnMxOnQyOiVoMTp2NDpMVAECMTp5MTpxZQ=="}
+00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052961890141,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="}
+00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052961892484,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="}
+01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961892484,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}}
+00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639052962142439,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052962142439,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="}
+00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639052962191138,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052962191138,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="}
+00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963579689,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_caplen":210,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":210,"pkt_l4_len":156,"thread_ts_usec":1639052963579689,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAJwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCcOP4AAQCAIRKkQlUyZXJ1M05HdUpPbgAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAA2roABAAAAALAVwAEAAMACoAqAAhYlWblH2D7mAAlAAAAJAAEbn8o\/wAIABQ5szu0z17I9YE5t42kszUxGI8nq4AoAAQ7B4OH"}
+00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969360318,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969360318,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1639052969360318,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052969360318,"pkt":"AAAAAAAAAAgAKih5ht1gChT5ACAGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESWy8wKP2CEgBL\/\/+ibAAACBAVQAQEEAgEDAwo="}
+02356{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":3285032704,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969517969,"pkt":"AAAAAAAAAAgAKih5ht1gChT5BWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESWy80KP2KJUBAAQlzUAAAWAwMAUAIAAEwDA2Gx9qmsk0SkPB6KDAiZvXlLcIQwNUuS8UsCtY0L22BDAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\/45kMwDYdJjA6BgNVHREEMzAxggwqLmJpa3JveS5jb22CFXNuaS5jbG91ZGZsYXJlc3NsLmNvbYIKYmlrcm95LmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"}
+01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517969,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2"}}}
+02354{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":3285032704,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969517992,"pkt":"AAAAAAAAAAgAKih5ht1gChT5BWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESW0R0KP2KJUBAAQnUtAABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\/D36WveN3dOnMT0w6Q1zHAAPRMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIwMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVDQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAenQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHIMAABuAwAdIDwd"}
+01459{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517992,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0"}}}
+00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969585053,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969585053,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1639052969585053,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052969585053,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzACAGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5T1XdwhBagBL\/\/\/uQAAACBAVQAQEEAgEDAwo="}
+02357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":3285032704,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969733805,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzBWQGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5T1bdwhJfUBAAQnm1AAAWAwMAUAIAAEwDA2Gx9qme4uujwv1+7XVRUWnJHpI6\/iAaaJ7rvPDDXG+vAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\/45kMwDYdJjA6BgNVHREEMzAxggwqLmJpa3JveS5jb22CFXNuaS5jbG91ZGZsYXJlc3NsLmNvbYIKYmlrcm95LmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"}
+01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2"}}}
+02354{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":3285032704,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969733805,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzBWQGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5VKbdwhJfUBAAQpK1AABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\/D36WveN3dOnMT0w6Q1zHAAPRMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIwMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVDQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAenQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHMMAABvAwAdIDGI"}
+01467{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0"}}}
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052971296401,"pkt":"AAAAAAAAAAgAVrKUht1gDJJRAHARPzmRBy0zbmXsxb+l+oOtI944ska3J6SUw8E0CUjgadcfGuEAAQBwt+hkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxCYpebxBOzZP3H84ohCF\/4mXRlMTpxOTpnZXRfcGVlcnMxOnQyOhlZMTp2NDpMVAECMTp5MTpxZQ=="}
+00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974554138,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974554138,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1639052974554138,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052974554138,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VACAGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aK1YLBRqPgBL\/\/4UNAAACBAVQAQEEAgEDAwo="}
+02358{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":3285032704,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052974704392,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VBWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aK1cLBRtIUBAAQtsqAAAWAwMAUAIAAEwDA2Gx9q7NW\/InZk3e9l0G3VMCEwBfKMJf26DLOUsrrRkmAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\/45kMwDYdJjA6BgNVHREEMzAxggwqLmJpa3JveS5jb22CFXNuaS5jbG91ZGZsYXJlc3NsLmNvbYIKYmlrcm95LmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"}
+01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704392,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2"}}}
+02355{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":3285032704,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052974704415,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VBWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aMKcLBRtIUBAAQgdNAABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\/D36WveN3dOnMT0w6Q1zHAAPRMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIwMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVDQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAenQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHMMAABvAwAdIEe5"}
+01468{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704415,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0"}}}
+00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052978452441,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvABwRPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgAcl50IAQAAIRKkQlo5L3NwNkJKYzZoYw=="}
+00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052978709090,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvAKARPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgCgYyEAAwCEIRKkQk1ENkhOcE43bVdyN0AAAGYJEB5qy\/i6apiRZvn3XMXkctbCLKVSgdE+etIaSO7JbOt8VgBwQ6PpOhc8GnE1mfqvDmlkq2e8sWOF\/9QSZ9+\/3ZsaHutXU4\/yA\/LvUyR73PqXq7vvVwk5ZocXkuyrjHvs93CEXbgAAAAIABTHiAxW9AnRlqecEToF0hfWjRUykA=="}
+01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978709090,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052979210381,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yABwRPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgAc0j0IAQAAIRKkQk5zWlZOMGtRWWlzeg=="}
+00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052979210765,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAKARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCgt74AAwCEIRKkQkhCZVJqYUhKN2FOWUAAAGYJEMzluAd5ZUXHIG6GisEWroK42o70dYdL4WqSdPq9VYO3OjGxFI7w7pBgN3c6YR8KjSMY+2Ef8toiPPzGNZ6A1i89fknsYqJ9SYub5TFTaEnS4NE02DKCNshJ0L2AWj8kO7uEBsUAAAAIABTng0rXsLYilkJ4duCqCg2pGBOUjQ=="}
+01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210765,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1639052979218699,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979218699,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ\/5MAAQB0IRKkQkJ5RTBTMEFLcS8yZQAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABTKxPaKL217enpIf2AGYjmMTGV454AoAATAmK\/f"}
+00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1639052979381748,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979381748,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQrREAAQB0IRKkQjY4V3ltQWRhSzZoTAAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABQoQCd0hET\/ud5uUOzbGiF4yVYzZoAoAASXw0bX"}
+00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1639052979556213,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979556213,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ97wAAQB0IRKkQldMcmpoVTNGUFVyagAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABS74KJfCrW2wh1E6b3fJs\/qV0yS0oAoAASJhjGh"}
+00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00905{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00909{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052948897167,"flow_src_last_pkt_time":1639052954929738,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":637,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27","src_port":6881,"dst_port":60506,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052948897167,"flow_src_last_pkt_time":1639052954929738,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":637,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27","src_port":6881,"dst_port":60506,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00904{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052964857829,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052950067975,"flow_dst_last_pkt_time":1639052950546662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":744,"flow_dst_tot_l4_payload_len":846,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052981556623,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1276,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00908{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1639052950309556,"flow_src_last_pkt_time":1639052960302401,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1839,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2a2f:8509:1cb2:466d:ecbf:69d6:109c:608","dst_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","src_port":62229,"dst_port":6881,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1639052950309556,"flow_src_last_pkt_time":1639052960302401,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1839,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2a2f:8509:1cb2:466d:ecbf:69d6:109c:608","dst_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","src_port":62229,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"lru_ipv6_caches.pcapng","alias":"nDPId-test","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1639052981556623}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 88/88
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 15254 bytes
+~~ total detected protocols..: 8
+~~ total active/idle flows...: 12/12
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 6453842 bytes
+~~ total memory freed........: 6453842 bytes
+~~ total allocations/frees...: 122679/122679
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 502 chars
+~~ json string max len.......: 2363 chars
+~~ json string avg len.......: 1431 chars
diff --git a/test/results/malformed_dns.pcap.out b/test/results/malformed_dns.pcap.out
index 4c4e7e646..9971b797a 100644
--- a/test/results/malformed_dns.pcap.out
+++ b/test/results/malformed_dns.pcap.out
@@ -4,7 +4,7 @@
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1591551760342902,"pkt":"AAAAAAAAAAAAAAAACABFAAA4nToAAEAR33h\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="}
 01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591551760342902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.xt.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 02688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760357435,"flow_idle_time":200000000,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"thread_ts_usec":1591551760357435,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="}
-01160{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760357435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1591551760357435,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.xt.com","dns": {"num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}}}
+01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760357435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1591551760357435,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.xt.com","dns": {"num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"66.66.66.66"}}}
 02688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760372114,"flow_idle_time":200000000,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"thread_ts_usec":1591551760372114,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551760372114,"flow_idle_time":200000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1591551765342879,"pkt":"AAAAAAAAAAAAAAAACABFAAA4ny8AAEAR3YN\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="}
 02688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551765355529,"flow_idle_time":200000000,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"thread_ts_usec":1591551765355529,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="}
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411967 bytes
-~~ total memory freed........: 6411967 bytes
-~~ total allocations/frees...: 122444/122444
+~~ total memory allocated....: 6416897 bytes
+~~ total memory freed........: 6416897 bytes
+~~ total allocations/frees...: 122455/122455
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2693 chars
diff --git a/test/results/malformed_icmp.pcap.out b/test/results/malformed_icmp.pcap.out
index 38f14f193..8b2936ace 100644
--- a/test/results/malformed_icmp.pcap.out
+++ b/test/results/malformed_icmp.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411775 bytes
-~~ total memory freed........: 6411775 bytes
-~~ total allocations/frees...: 122437/122437
+~~ total memory allocated....: 6416680 bytes
+~~ total memory freed........: 6416680 bytes
+~~ total allocations/frees...: 122447/122447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 481 chars
 ~~ json string max len.......: 1042 chars
diff --git a/test/results/malware.pcap.out b/test/results/malware.pcap.out
index 885d7a7f9..ba0af7f56 100644
--- a/test/results/malware.pcap.out
+++ b/test/results/malware.pcap.out
@@ -39,9 +39,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6461092 bytes
-~~ total memory freed........: 6461092 bytes
-~~ total allocations/frees...: 122570/122570
+~~ total memory allocated....: 6466029 bytes
+~~ total memory freed........: 6466029 bytes
+~~ total allocations/frees...: 122580/122580
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2733 chars
diff --git a/test/results/memcached.cap.out b/test/results/memcached.cap.out
index cd166a002..0037571e6 100644
--- a/test/results/memcached.cap.out
+++ b/test/results/memcached.cap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414084 bytes
-~~ total memory freed........: 6414084 bytes
-~~ total allocations/frees...: 122447/122447
+~~ total memory allocated....: 6418989 bytes
+~~ total memory freed........: 6418989 bytes
+~~ total allocations/frees...: 122457/122457
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 952 chars
diff --git a/test/results/mgcp.pcapng.out b/test/results/mgcp.pcapng.out
index 2d9094617..e86372ddf 100644
--- a/test/results/mgcp.pcapng.out
+++ b/test/results/mgcp.pcapng.out
@@ -27,9 +27,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414126 bytes
-~~ total memory freed........: 6414126 bytes
-~~ total allocations/frees...: 122467/122467
+~~ total memory allocated....: 6419039 bytes
+~~ total memory freed........: 6419039 bytes
+~~ total allocations/frees...: 122477/122477
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 949 chars
diff --git a/test/results/modbus.pcap.out b/test/results/modbus.pcap.out
index d7028889d..868e675d9 100644
--- a/test/results/modbus.pcap.out
+++ b/test/results/modbus.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414704 bytes
-~~ total memory freed........: 6414704 bytes
-~~ total allocations/frees...: 122538/122538
+~~ total memory allocated....: 6419609 bytes
+~~ total memory freed........: 6419609 bytes
+~~ total allocations/frees...: 122548/122548
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2164 chars
diff --git a/test/results/monero.pcap.out b/test/results/monero.pcap.out
index 36ca05bc8..f22dc112b 100644
--- a/test/results/monero.pcap.out
+++ b/test/results/monero.pcap.out
@@ -28,9 +28,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6426893 bytes
-~~ total memory freed........: 6426893 bytes
-~~ total allocations/frees...: 122768/122768
+~~ total memory allocated....: 6431806 bytes
+~~ total memory freed........: 6431806 bytes
+~~ total allocations/frees...: 122778/122778
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2478 chars
diff --git a/test/results/mongo_false_positive.pcapng.out b/test/results/mongo_false_positive.pcapng.out
index 89a71cfdb..62e1fe211 100644
--- a/test/results/mongo_false_positive.pcapng.out
+++ b/test/results/mongo_false_positive.pcapng.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414520 bytes
-~~ total memory freed........: 6414520 bytes
-~~ total allocations/frees...: 122462/122462
+~~ total memory allocated....: 6419425 bytes
+~~ total memory freed........: 6419425 bytes
+~~ total allocations/frees...: 122472/122472
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 507 chars
 ~~ json string max len.......: 2123 chars
diff --git a/test/results/mongodb.pcap.out b/test/results/mongodb.pcap.out
index 3c927dcdd..200f44a21 100644
--- a/test/results/mongodb.pcap.out
+++ b/test/results/mongodb.pcap.out
@@ -51,9 +51,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6421861 bytes
-~~ total memory freed........: 6421861 bytes
-~~ total allocations/frees...: 122511/122511
+~~ total memory allocated....: 6426798 bytes
+~~ total memory freed........: 6426798 bytes
+~~ total allocations/frees...: 122521/122521
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 1083 chars
diff --git a/test/results/mpeg-dash.pcap.out b/test/results/mpeg-dash.pcap.out
index 0cc331494..765812d54 100644
--- a/test/results/mpeg-dash.pcap.out
+++ b/test/results/mpeg-dash.pcap.out
@@ -15,10 +15,10 @@
 01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1652784807797513,"flow_src_last_pkt_time":1652784807901836,"flow_dst_last_pkt_time":1652784807901734,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1652784807901836,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"livesim.dashif.org","http": {"url":"livesim.dashif.org\/livesim\/sts_1652783809\/sid_40c11e12\/chunkdur_1\/ato_7\/testpic4_8s\/A48\/init.mp4","code":0,"content_type":"","user_agent":"VLC\/3.0.16 LibVLC\/3.0.16"}}}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808500848,"flow_dst_last_pkt_time":1652784808500848,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784808500848,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 02438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1652784808500848,"flow_dst_last_pkt_time":1652784808500848,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1652784808500848,"pkt":"wDiWIaSptKXvZygQCABFAAXUcu5AAOwGty02oWVVwKgCaQBQ5wi4j+HSMIk\/coAQANuo3AAAAQEICq8dXZ\/GziZPSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUdWUsIDE3IE1heSAyMDIyIDEwOjUzOjI4IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjUzICgpIE9wZW5TU0wvMS4wLjJrLWZpcHMgbW9kX3dzZ2kvNC43LjEgUHl0aG9uLzMuNw0KVXBncmFkZTogaDIsaDJjDQpDb25uZWN0aW9uOiBVcGdyYWRlDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkV4cGlyZXM6IC0xDQpEQVNILUxpdmUtU2ltdWxhdG9yOiBEQVNILUlGIGxpdmUgREFTSCBzaW11bGF0b3IgMi4wLjENCkFjY2Vzcy1Db250cm9sLUFsbG93LUhlYWRlcnM6IG9yaWdpbixyYW5nZSxhY2NlcHQtZW5jb2RpbmcscmVmZXJlcg0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctTWV0aG9kczogR0VULEhFQUQsT1BUSU9OUw0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1FeHBvc2UtSGVhZGVyczogU2VydmVyLHJhbmdlLENvbnRlbnQtTGVuZ3RoLENvbnRlbnQtUmFuZ2UsRGF0ZQ0KQ29udGVudC1MZW5ndGg6IDk0NA0KQ29udGVudC1UeXBlOiB2aWRlby9tcDQNCg0KAAAAHGZ0eXBpc281AAAAAWF2YzFpc281ZGFzaAAAAAhmcmVlAAAAYGZyZWVJc29NZWRpYSBGaWxlIFByb2R1Y2VkIHdpdGggR1BBQyAwLjUuMi1ERVYtcmV2VmVyc2lvbjogMC41LjItNDI2LWdjNWFkNGU0K2Rmc2c1LTFidWlsZDEAAAADLG1vb3YAAABsbXZoZAAAAAAAAAAAAAAAAAAAA+gAAAAAAAEAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAABIbXZleAAAABBtZWhkAAAAAAA27oAAAAAgdHJleAAAAAAAAAABAAAAAQAAAgAAAAAAAAEAAAAAABB0cmVwAAAAAAAAAAEAAAIOdHJhawAAAFx0a2hkAAAAAwAAAADVk9GpAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAUAAAAC0AAAAAAAJGVkdHMAAAAcZWxzdAAAAAAAAAABAAAAAAAABAAAAQAAAAABhm1kaWEAAAAgbWRoZAAAAAAAAAAAAAAAAAAAPAAAAAAAFccAAAAAAC1oZGxyAAAAAAAAAAB2aWRlAAAAAAAAAAAAAAAAVmlkZW9IYW5kbGVyAAAAATFtaW5mAAAAFHZtaGQAAAABAAAAAAAAAAAAAAAkZGluZgAAABxkcmVmAAAAAAAAAAEAAAAMdXJsIAAAAAEAAADxc3RibAAAAKVzdHNkAAAAAAAAAAEAAACVYXZjMQAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAUAAtAASAAAAEgAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABj\/\/wAAAD9hdmNDAWQAH\/\/hACNnZAAfrNlAUAW6EAAAAwAQAAADA8ZKAAknwAEk\/mkwB4wYywEABWjr7LIs\/Pj4AAAAABBzdHRzAAAAAAAAAAAAAAAQc3RzYwAAAAAAAAAAAAAAFHN0c3oAAAAAAAAAAAAAAAAAAAAQc3RjbwAAAAAAAAAAAAAAYnVkdGEAAABabWV0YQAAAAAA"}
-00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808500848,"flow_dst_last_pkt_time":1652784808500848,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784808500848,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"","http": {}}}
+01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808500848,"flow_dst_last_pkt_time":1652784808500848,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784808500848,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"","http": {}}}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1652784808500848,"flow_dst_last_pkt_time":1652784808500868,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1652784808500868,"pkt":"tKXvZygQwDiWIaSpCABFAAA0NqpAAEAGpRLAqAJpNqFlVecIAFAwiT9yuI\/ncoAQAfUkJQAAAQEICsbOJrmvHV2f"}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808500868,"flow_idle_time":3285032704,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":1652784808501352,"pkt":"wDiWIaSptKXvZygQCABFAACBcu9AAOwGvH82oWVVwKgCaQBQ5wi4j+dyMIk\/coAYANvyTQAAAQEICq8dXZ\/GziZPAAAhaGRscgAAAAAAAAAAbWRpcmFwcGwAAAAAAAAAAAAAAAAtaWxzdAAAACWpdG9vAAAAHWRhdGEAAAABAAAAAExhdmY1Ni40MC4xMDE="}
-00950{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808500868,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784808501352,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"","http": {}}}
+01080{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808500868,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784808501352,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"","http": {}}}
 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808514677,"flow_idle_time":3285032704,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1652784808514677,"pkt":"tKXvZygQwDiWIaSpCABFAADzNqxAAEAGpFHAqAJpNqFlVecIAFAwiT9yuI\/nv4AYAfXebgAAAQEICsbOJsevHV2fR0VUIC9saXZlc2ltL3N0c18xNjUyNzgzODA5L3NpZF80MGMxMWUxMi9jaHVua2R1cl8xL2F0b183L3Rlc3RwaWM0XzhzL1YyNDAwLzIwNjU5ODA5OC5tNHMgSFRUUC8xLjENCkhvc3Q6IGxpdmVzaW0uZGFzaGlmLm9yZw0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNClVzZXItQWdlbnQ6IFZMQy8zLjAuMTYgTGliVkxDLzMuMC4xNg0KDQo="}
 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784814543352,"flow_src_last_pkt_time":1652784814543352,"flow_dst_last_pkt_time":1652784814543352,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":191,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":191,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1652784814543352,"flow_dst_last_pkt_time":1652784814543352,"flow_idle_time":3285032704,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1652784814543352,"pkt":"tKXvZygQwDiWIaSpCABFAADzRtZAAEAGlCfAqAJpNqFlVecKAFBASLN\/hVfSJoAYAfZzRwAAAQEICsbOPlSvHXU7R0VUIC9saXZlc2ltL3N0c18xNjUyNzgzODA5L3NpZF80MGMxMWUxMi9jaHVua2R1cl8xL2F0b183L3Rlc3RwaWM0XzhzL1YyNDAwLzIwNjU5ODA5OS5tNHMgSFRUUC8xLjENCkhvc3Q6IGxpdmVzaW0uZGFzaGlmLm9yZw0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNClVzZXItQWdlbnQ6IFZMQy8zLjAuMTYgTGliVkxDLzMuMC4xNg0KDQo="}
@@ -36,9 +36,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418028 bytes
-~~ total memory freed........: 6418028 bytes
-~~ total allocations/frees...: 122491/122491
+~~ total memory allocated....: 6423048 bytes
+~~ total memory freed........: 6423048 bytes
+~~ total allocations/frees...: 122503/122503
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2443 chars
diff --git a/test/results/mpeg.pcap.out b/test/results/mpeg.pcap.out
index 17dcef49b..f2fcc3f5c 100644
--- a/test/results/mpeg.pcap.out
+++ b/test/results/mpeg.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412355 bytes
-~~ total memory freed........: 6412355 bytes
-~~ total allocations/frees...: 122458/122458
+~~ total memory allocated....: 6417282 bytes
+~~ total memory freed........: 6417282 bytes
+~~ total allocations/frees...: 122469/122469
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 1070 chars
diff --git a/test/results/mpegts.pcap.out b/test/results/mpegts.pcap.out
index 17f9305ae..273fad7e6 100644
--- a/test/results/mpegts.pcap.out
+++ b/test/results/mpegts.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411747 bytes
-~~ total memory freed........: 6411747 bytes
-~~ total allocations/frees...: 122436/122436
+~~ total memory allocated....: 6416652 bytes
+~~ total memory freed........: 6416652 bytes
+~~ total allocations/frees...: 122446/122446
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2760 chars
diff --git a/test/results/mqtt.pcap.out b/test/results/mqtt.pcap.out
index f1c272883..ce4abb766 100644
--- a/test/results/mqtt.pcap.out
+++ b/test/results/mqtt.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413807 bytes
-~~ total memory freed........: 6413807 bytes
-~~ total allocations/frees...: 122456/122456
+~~ total memory allocated....: 6418720 bytes
+~~ total memory freed........: 6418720 bytes
+~~ total allocations/frees...: 122466/122466
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 947 chars
diff --git a/test/results/mssql_tds.pcap.out b/test/results/mssql_tds.pcap.out
index f3c292138..007b7cf3c 100644
--- a/test/results/mssql_tds.pcap.out
+++ b/test/results/mssql_tds.pcap.out
@@ -71,9 +71,9 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6434696 bytes
-~~ total memory freed........: 6434696 bytes
-~~ total allocations/frees...: 122596/122596
+~~ total memory allocated....: 6439689 bytes
+~~ total memory freed........: 6439689 bytes
+~~ total allocations/frees...: 122606/122606
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2455 chars
diff --git a/test/results/munin.pcap.out b/test/results/munin.pcap.out
index 800f8ba89..ceeb73250 100644
--- a/test/results/munin.pcap.out
+++ b/test/results/munin.pcap.out
@@ -44,9 +44,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418886 bytes
-~~ total memory freed........: 6418886 bytes
-~~ total allocations/frees...: 122529/122529
+~~ total memory allocated....: 6423815 bytes
+~~ total memory freed........: 6423815 bytes
+~~ total allocations/frees...: 122539/122539
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 953 chars
diff --git a/test/results/mysql-8.pcap.out b/test/results/mysql-8.pcap.out
index b3ae76679..f996b6556 100644
--- a/test/results/mysql-8.pcap.out
+++ b/test/results/mysql-8.pcap.out
@@ -16,9 +16,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411862 bytes
-~~ total memory freed........: 6411862 bytes
-~~ total allocations/frees...: 122440/122440
+~~ total memory allocated....: 6416767 bytes
+~~ total memory freed........: 6416767 bytes
+~~ total allocations/frees...: 122450/122450
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 945 chars
diff --git a/test/results/natpmp.pcap.out b/test/results/natpmp.pcap.out
index e01ee3621..b81e133e0 100644
--- a/test/results/natpmp.pcap.out
+++ b/test/results/natpmp.pcap.out
@@ -35,9 +35,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6417465 bytes
-~~ total memory freed........: 6417465 bytes
-~~ total allocations/frees...: 122480/122480
+~~ total memory allocated....: 6422394 bytes
+~~ total memory freed........: 6422394 bytes
+~~ total allocations/frees...: 122490/122490
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 478 chars
 ~~ json string max len.......: 1025 chars
diff --git a/test/results/nats.pcap.out b/test/results/nats.pcap.out
index c344d0bc5..afeb4f1f3 100644
--- a/test/results/nats.pcap.out
+++ b/test/results/nats.pcap.out
@@ -25,9 +25,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418425 bytes
-~~ total memory freed........: 6418425 bytes
-~~ total allocations/frees...: 122476/122476
+~~ total memory allocated....: 6423338 bytes
+~~ total memory freed........: 6423338 bytes
+~~ total allocations/frees...: 122486/122486
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 941 chars
diff --git a/test/results/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/ndpi_match_string_subprotocol__error.pcapng.out
index 65440190d..07df2416e 100644
--- a/test/results/ndpi_match_string_subprotocol__error.pcapng.out
+++ b/test/results/ndpi_match_string_subprotocol__error.pcapng.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412268 bytes
-~~ total memory freed........: 6412268 bytes
-~~ total allocations/frees...: 122454/122454
+~~ total memory allocated....: 6417173 bytes
+~~ total memory freed........: 6417173 bytes
+~~ total allocations/frees...: 122464/122464
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 522 chars
 ~~ json string max len.......: 2032 chars
diff --git a/test/results/nest_log_sink.pcap.out b/test/results/nest_log_sink.pcap.out
index e1144ffcb..70895b6af 100644
--- a/test/results/nest_log_sink.pcap.out
+++ b/test/results/nest_log_sink.pcap.out
@@ -174,9 +174,9 @@
 ~~ total active/idle flows...: 17/17
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6487568 bytes
-~~ total memory freed........: 6487568 bytes
-~~ total allocations/frees...: 123398/123398
+~~ total memory allocated....: 6492601 bytes
+~~ total memory freed........: 6492601 bytes
+~~ total allocations/frees...: 123408/123408
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2242 chars
diff --git a/test/results/netbios.pcap.out b/test/results/netbios.pcap.out
index bb6b8ee7c..7f9d05b05 100644
--- a/test/results/netbios.pcap.out
+++ b/test/results/netbios.pcap.out
@@ -89,9 +89,9 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6446282 bytes
-~~ total memory freed........: 6446282 bytes
-~~ total allocations/frees...: 122842/122842
+~~ total memory allocated....: 6451299 bytes
+~~ total memory freed........: 6451299 bytes
+~~ total allocations/frees...: 122852/122852
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2192 chars
diff --git a/test/results/netbios_wildcard_dns_query.pcap.out b/test/results/netbios_wildcard_dns_query.pcap.out
index d427652ef..d30cf4795 100644
--- a/test/results/netbios_wildcard_dns_query.pcap.out
+++ b/test/results/netbios_wildcard_dns_query.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411775 bytes
-~~ total memory freed........: 6411775 bytes
-~~ total allocations/frees...: 122437/122437
+~~ total memory allocated....: 6416680 bytes
+~~ total memory freed........: 6416680 bytes
+~~ total allocations/frees...: 122447/122447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 511 chars
 ~~ json string max len.......: 1072 chars
diff --git a/test/results/netflix.pcap.out b/test/results/netflix.pcap.out
index 59495d46f..2a8be81ac 100644
--- a/test/results/netflix.pcap.out
+++ b/test/results/netflix.pcap.out
@@ -136,438 +136,433 @@
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036886851,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319036886851,"pkt":"5JjWH70UgCqoTGHMCABFIAA0fX9AADwGNWxoVmGzwKgBBwG7z5WR\/xaYFztWZ4AQA6urGQAAAQEICgIza+cfZMc2"}
 01226{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036870445,"flow_dst_last_pkt_time":1484319036889708,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319036889708,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2"}}}
 01656{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036894463,"flow_dst_last_pkt_time":1484319036900382,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1484319036900382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-s.nflximg.net","tls": {"version":"TLSv1.2","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26"}}}
-02146{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":356,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036983563,"flow_dst_last_pkt_time":1484319036982334,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1128,"flow_dst_tot_l4_payload_len":5359,"midstream":0,"thread_ts_usec":1484319036983563,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":142,"avg":8297.1,"max":40245,"stddev":10476.7,"var":109761248.0,"ent":3.9,"data": [11378,14427,1674,21129,2857,316,24018,10358,7406,16914,385,833,30795,4734,18083,26013,249,318,147,231,142,435,4518,193,40245,7107,5353,4161,461,364,1965]},"pktlen": {"min":52,"avg":255.3,"max":1500,"stddev":414.2,"var":171525.6,"ent":3.9,"data": [64,60,52,279,52,1500,1500,52,570,52,127,58,97,52,103,52,105,102,94,200,141,141,141,141,140,120,52,90,90,392,1500,52]},"bins": {"c_to_s": [8,5,6,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,2,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0],"entropies": [4.555036545,5.323234081,5.207947731,5.708015442,5.315825462,7.096366405,7.275357246,5.207947731,7.575589180,5.169486046,6.308334827,5.148305416,5.977168083,5.315825462,5.945915222,5.169486046,6.131762028,6.032381535,6.018351078,6.868569851,6.437176704,6.436284542,6.462777138,6.552643299,6.572731972,6.440443993,5.193430901,5.968302250,5.976224422,7.489761353,7.869163990,5.284871101]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1484319037897807,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319037897807,"pkt":"AQBef\/\/65JjWH70UCABFAACWcF0AAAERl1DAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
-01978{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":596,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":147,"avg":501615.3,"max":7507819,"stddev":1826252.6,"var":3335198867456.0,"ent":1.4,"data": [49499,50871,4368,54319,2439,996,53513,42973,42827,12725,273,205,57417,5098,49336,4198,388,49955,75766,32147,2030,911,5107,4712,147,7402221,150,7507819,929,35745,990]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":520.7,"var":271128.8,"ent":3.8,"data": [64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474]},"bins": {"c_to_s": [10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1],"entropies": [4.566831589,5.335815907,5.094483852,6.025682926,5.169486523,7.256491661,7.325493813,5.092563152,7.129077435,5.092563152,6.393805504,5.100806713,6.014647961,5.169486523,5.965332508,5.169486523,7.872792244,7.651345730,5.207947731,5.207948208,6.796521664,6.094137192,5.926040173,5.169486523,5.207948208,5.169486046,7.868273258,7.747731686,5.169486046,5.169486523,7.861037254,7.536938190]}}
-01738{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":596,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319042988806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1484319042988806,"pkt":"gCqoTGHM5JjWH70UCABFAABGkh4AAP8Rpi\/AqAEHwKgBAecsADUAMtLh8roBAAABAAAAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQAB"}
-01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319042988806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"artwork.akam.nflximg.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319043002781,"flow_idle_time":200000000,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1484319043002781,"pkt":"5JjWH70UgCqoTGHMCABFAACG4UVAAEAR1cjAqAEBwKgBBwA15ywAct6B8rqBgAABAAMAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQABwAwABQABAAAAUwAUBWExOTA3BGRzY2cGYWthbWFpwCHANgABAAEAAAAHAAS4GcwZwDYAAQABAAAABwAEuBnMCg=="}
-01066{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319043002781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1484319043002781,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"artwork.akam.nflximg.net","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.25"}}}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319043012652,"flow_dst_last_pkt_time":1484319043012652,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043012652,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1484319043012652,"flow_dst_last_pkt_time":1484319043012652,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319043012652,"pkt":"gCqoTGHM5JjWH70UCABFAABA10xAAEAGHYnAqAEHuBnMGc+cAFC2IFmCAAAAALAC\/\/8TjwAAAgQFtAEDAwUBAQgKH2TelwAAAAAEAgAA"}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043013015,"flow_dst_last_pkt_time":1484319043013015,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043013015,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1484319043013015,"flow_dst_last_pkt_time":1484319043013015,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319043013015,"pkt":"gCqoTGHM5JjWH70UCABFAABAkrpAAEAGYhvAqAEHuBnMGc+dAFDU44WRAAAAALAC\/\/\/IugAAAgQFtAEDAwUBAQgKH2TemAAAAAAEAgAA"}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1484319043012652,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319043035100,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz5xwDCo3tiBZg6AScSDeBAAAAgQFtAQCCAr\/\/DsdH2TelwEDAwU="}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1484319043013015,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319043035720,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz53Qk2dE1OOFkqAScSD1lgAAAgQFtAQCCAr\/\/DsiH2TemAEDAwU="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043041595,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043041595,"pkt":"gCqoTGHM5JjWH70UCABFAAA0zhNAAEAGJs7AqAEHuBnMGc+cAFC2IFmDcAwqOIAQEBVtuwAAAQEICh9k3rb\/\/Dsd"}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043042140,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043042140,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UPZAAEAGo+vAqAEHuBnMGc+dAFDU44WS0JNnRYAQEBWFTgAAAQEICh9k3rb\/\/Dsi"}
-00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":3285032704,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1484319043068353,"pkt":"gCqoTGHM5JjWH70UCABFAAEq43RAAEAGEHfAqAEHuBnMGc+cAFC2IFmDcAwqOIAYEBUNzAAAAQEICh9k3rv\/\/DsdR0VUIC9hZjdhNS8zNjI2NDM0MjRlNzc1ZDAzOTNkZGI0NmUxNDVjMjM3NTM2N2FmN2E1LndlYnAgSFRUUC8xLjENCkhvc3Q6IGFydC0yLm5mbHhpbWcubmV0DQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUztxPTENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogQXJnby85LjEuMCAoaVBob25lOyBpT1MgMTAuMjsgU2NhbGUvMi4wMCkNCg0K"}
-01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043068353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
-00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":3285032704,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319043078953,"pkt":"gCqoTGHM5JjWH70UCABFAAEp\/qdAAEAG9UTAqAEHuBnMGc+dAFDU44WS0JNnRYAYEBWe1gAAAQEICh9k3rz\/\/DsiR0VUIC81NzU4Yy9iYjYzNmU0NGI4N2VmODU0YzMzMWVkN2I3YjZlMTU3ZTQ5NDU3NThjLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTIubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
-01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043078953,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043092808,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043092808,"pkt":"5JjWH70UgCqoTGHMCABFIAA0EWZAADwG51u4GcwZwKgBBwBQz5xwDCo4tiBaeYAQA6t46QAAAQEICv\/8O14fZN67"}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043106058,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043106058,"pkt":"5JjWH70UgCqoTGHMCABFIAA0XCxAADwGnJW4GcwZwKgBBwBQz53Qk2dF1OOGh4AQA6uQdgAAAQEICv\/8O2kfZN68"}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319043665565,"flow_dst_last_pkt_time":1484319043665565,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043665565,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1484319043665565,"flow_dst_last_pkt_time":1484319043665565,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319043665565,"pkt":"gCqoTGHM5JjWH70UCABFAABAaV9AAEAGi3bAqAEHuBnMGc+eAFByPGEHAAAAALAC\/\/9NegAAAgQFtAEDAwUBAQgKH2ThCQAAAAAEAgAA"}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1484319043665565,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319043688511,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz57u7DQucjxhCKAScSCMigAAAgQFtAQCCAr\/\/D2rH2ThCQEDAwU="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043689999,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043689999,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VAZAAEAGoNvAqAEHuBnMGc+eAFByPGEI7uw0L4AQEBUcSAAAAQEICh9k4SH\/\/D2r"}
-00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":3285032704,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319043691581,"pkt":"gCqoTGHM5JjWH70UCABFAAEpIqVAAEAG0UfAqAEHuBnMGc+eAFByPGEI7uw0L4AYEBW0VgAAAQEICh9k4SL\/\/D2rR0VUIC84N2IzMy9iZWQxMjIzYTAwNDBmZGM5N2JhYzRlOTA2MzMyZTQ2MmM2ZTg3YjMzLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTIubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
-01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043691581,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043731268,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043731268,"pkt":"5JjWH70UgCqoTGHMCABFIAA0CfxAADwG7sW4GcwZwKgBBwBQz57u7DQvcjxh\/YAQA6snlAAAAQEICv\/8PdMfZOEi"}
-02218{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":694,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319044532732,"flow_dst_last_pkt_time":1484319044504314,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":33304,"midstream":0,"thread_ts_usec":1484319044532732,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6882,"avg":97129.5,"max":1300093,"stddev":229777.6,"var":52797755392.0,"ent":3.4,"data": [22705,29125,36813,70338,13255,32378,25989,101810,6882,28009,25233,44994,56409,27146,27165,53793,54320,26078,52109,80662,53766,398536,54325,39942,109640,40469,26128,51507,108074,13323,1300093]},"pktlen": {"min":52,"avg":1101.9,"max":1500,"stddev":637.7,"var":406609.6,"ent":4.6,"data": [64,60,52,297,52,1500,1500,1500,52,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,80]},"bins": {"c_to_s": [6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0],"entropies": [4.538909912,5.312702179,5.079966545,5.942044735,5.308815479,7.330718994,7.743900776,7.712044239,5.233813286,5.000318527,7.842275620,7.821234226,5.156889915,7.816409111,7.847937107,7.841120243,7.664994240,7.793088913,7.822535038,7.766201496,7.754564285,7.803048134,7.810695171,7.784301758,7.848053455,7.850491524,7.814136028,7.845249176,7.833446503,7.828612804,7.832110882,5.393421650]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1484319044993872,"pkt":"gCqoTGHM5JjWH70UCABFAAAoz5tAAEAGHmfAqAEHNBhXBs7BAbvkIOdlTYzTZlAUEACWDAAAAAAAAAAA"}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048757894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048757894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048757894,"flow_idle_time":200000000,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1484319048757894,"pkt":"gCqoTGHM5JjWH70UCABFAABBS2MAAP8R7O\/AqAEHwKgBAeL2ADUALZ5c\/mQBAAABAAAAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAQ=="}
-01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048757894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048757894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"appboot.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048776187,"flow_idle_time":200000000,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1484319048776187,"pkt":"5JjWH70UgCqoTGHMCABFAACy4UZAAEAR1ZvAqAEBwKgBBwA14vYAnkKZ\/mSBgAABAAUAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAcAMAAUAAQAAAG0ADgdhcHBib290A2dlb8AUwDEABQABAAABawAbB2FwcGJvb3QJdXMtd2VzdC0yBnByb2RhYcAUwEsAAQABAAAACwAENsm\/hMBLAAEAAQAAAAsABDQr9VrASwABAAEAAAALAAQ0GfQx"}
-01062{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048776187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":150,"midstream":0,"thread_ts_usec":1484319048776187,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"appboot.netflix.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.201.191.132"}}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319048780859,"flow_dst_last_pkt_time":1484319048780859,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048780859,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1484319048780859,"flow_dst_last_pkt_time":1484319048780859,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319048780859,"pkt":"gCqoTGHM5JjWH70UCABFAABAtrNAAEAGzAfAqAEHNsm\/hM+fAFA6e8d6AAAAALAC\/\/+ZMQAAAgQFtAEDAwUBAQgKH2T0hAAAAAAEAgAA"}
-00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1484319048780859,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319048824981,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGmJ82yb+EwKgBBwBQz59tgW\/FOnvHe6ASRep1DwAAAgQFtAQCCApXXrqDH2T0hAEDAwg="}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1484319048826457,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319048826457,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VQxAAEAGLbvAqAEHNsm\/hM+fAFA6e8d7bYFvxoAQEBXZhAAAAQEICh9k9LFXXrqD"}
-00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1484319048830359,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_usec":1484319048830359,"pkt":"gCqoTGHM5JjWH70UCABFAAFtxNtAAEAGvLLAqAEHNsm\/hM+fAFA6e8d7bYFvxoAYEBUtNAAAAQEICh9k9LRXXrqDUE9TVCAvYXBwYm9vdC9ORkFQUEwtMDItIEhUVFAvMS4xDQpIb3N0OiBhcHBib290Lm5ldGZsaXguY29tDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogQXJnby85MDAgQ0ZOZXR3b3JrLzgwOC4yLjE2IERhcndpbi8xNi4zLjANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogKi8qDQpYLU5ldGZsaXguQVBJQWN0aW9uOiBhcHBib290DQpDb250ZW50LUxlbmd0aDogMjI5OQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQoNCg=="}
-01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319048830359,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048830359,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com","http": {"url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}}
-02444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1484319048841019,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1484319048841019,"pkt":"gCqoTGHM5JjWH70UCABFAAXc5GhAAEAGmLbAqAEHNsm\/hM+fAFA6e8i0bYFvxoAQEBWdRQAAAQEICh9k9LVXXrqDeyJlbnRpdHlhdXRoZGF0YSI6eyJhdXRoZGF0YSI6eyJpZGVudGl0eSI6Ik5GQVBQTC0wMi1JUEhPTkU2PTEtODc1OUZDM0NFMDgzNjA2M0MyMTA3RDZBMDM1QUY3M0QyMzU2NzlBQ0Q2OUNBOTg4N0JGNjQ1NzBFQTJERkQ5OCJ9LCJzY2hlbWUiOiJNR0sifSwiaGVhZGVyZGF0YSI6ImV5SmphWEJvWlhKMFpYaDBJam9pVUVkVlp6Rk1OazE0TldkVlpXeDRhM2QxU2tkRFpUSmxObFY2Y0N0NUswWjNkVU41WVVKbVJHTnllblZZTVdkTldXcENTVEJ2U2xWVFRUVXZOamM0UldGcWJXVTRUelY0U21oQ01ubE9PWGcwTTJaTlQwNVJSRUkxYzAwME9IUlBRbU5KU2xab1dFWktORFl4TlZsclNsZGtlRVZaVFhSblNVcGtVVm9yWmtaMWQxcHpjek5JTTFJeFREYzRjWGcxU2s5d09IZFVORGRZWjFJMFIyb3lWVVJGZUZObVozRk9TalkwVHpKSE9IRktSVFJaYldGUmFGVnZkbTB4VGxremEyTnVPU3QyVnpGT0t6QjZVR1p1V2pCR1kwdEpSbkZSYjBKVmJDdGlWSFJaTms5dE55dDBRV3cxYUd0SE4xaFNVak5oUldsYVltSm5kMmMyUlhVd1JteHBSSHB2U0U5WFlYVmlkRGdyUmtnMlYyb3phWHBDYVc5bVYwRmhTREI0VkRJNGRuSkJXbW8zTlRsM1dHZHhWamhVVDFndmNFRXZObWtyZEZoSWQwOVpPVlZHUW14UVkxVlRaSFZXU3l0VWQzSTNVMGRqVVRkT1owZE1lRVp5YjFoQ1dHbzRibEl6ZVRGbFYzZHhVMlJVTm0xWllWUkJSbEZRVG1GaGVETmpiM0pSVGxoUFl6ZEtNbVV6VTJwdGVrbElhRlJ6YTBacldsSlNZa1p6ZWxCSFRFNWhMMVZZYnpGWWRtdGxjRnBhWTBzNFEyNHpaVzVCYlVGdk5EWjRMM1ZDYWxoUU5qZFFlR3RpVWtjMmJVOVJSMDlIVVdsSlZqSlRWbHBWTDFkS1NEUk1TbXRyZG1Wd2QwUXZhRmc0ZURKaFVFeDBRVkZPVDFBMVFtNUdiR2d4WmpOWVlVbG1OWG95U0VkRFFUTjVOMDVoYUVaNVZFWjZkV3RhU2tSYVZHc3pSME5KV21wamJrVkNkekJXZUZsbFVETjJhVWh3UzBwT1JTdHhiMWhFVFROb2VFMXdNalIwV25kRk0xbHdSSE42WTA5bWRIWlNOMnMxVTFoalVFZFFjV3ROY1c5YVIyVkNkM2hrVkRCWlNXVnlhR0ZFVEhsRFltRnROa3htTkhKTWVrbFdVbFZhU3pWYVpHWjFSbWMwY1d4dE9VRTlQU0lzSW1sMklqb2laWEZvVFZaak5VaFFiV1ZSZFZSUFYxZHJZemwxZHowOUlpd2lhMlY1YVdRaU9pSk9Sa0ZRVUV3dE1ESXRTVkJJVDA1Rk5qMHhMVGczTlRsR1F6TkRSVEE0TXpZd05qTkRNakV3TjBRMlFUQXpOVUZHTnpORU1qTTFOamM1UVVORU5qbERRVGs0T0RkQ1JqWTBOVGN3UlVFeVJFWkVPVGdpTENKemFHRXlOVFlpT2lKQlFUMDlJbjA9Iiwic2lnbmF0dXJlIjoieWZ5ZkVRQjVpTjVkeCttb1YyU0FhWnliK1NLMDdPVDVjazhPNE9VdjlZWT0ifXsicGF5bG9hZCI6ImV5SmphWEJvWlhKMFpYaDBJam9pUWpSS056SjFXRzQ1VUhRNVJqUmtRbk5ETUhsWVdWVlVRV3hYUVZwb1ptOURURWRETmpWMmJEaFNhbXhhTVZOUGMycDVhVGwwTmxaNVJsVXlNVUZOTWxOVGRVMVlWVXQ="}
-02196{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":839,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319049236027,"flow_dst_last_pkt_time":1484319049229808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":21687,"midstream":0,"thread_ts_usec":1484319049236027,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":193,"avg":29165.1,"max":187154,"stddev":42322.7,"var":1791214592.0,"ent":4.0,"data": [44122,45598,3902,10660,193,60003,5736,990,135055,302,187154,5655,5706,13881,14022,13277,14383,27821,13324,13128,9212,13280,22521,13399,39251,13309,13303,13855,13324,13288,124463]},"pktlen": {"min":52,"avg":812.3,"max":1500,"stddev":674.9,"var":455511.9,"ent":4.4,"data": [64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0]},"directions": [0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0],"entropies": [4.538909912,5.279368401,5.156889915,5.705281258,5.964499474,6.056532860,5.272274971,5.272274494,5.310736179,6.005652428,5.696421623,5.094483852,6.091891766,5.233812809,5.866946220,5.038780212,5.796521664,5.782927513,5.195351601,5.831374168,5.233812809,5.802160263,5.817751884,5.195351124,5.813166142,5.771504402,5.781269550,5.780963898,5.817500591,5.785477638,5.779314995,5.163660049]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049465573,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049465573,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049465573,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319049465573,"pkt":"gCqoTGHM5JjWH70UCABFAABAjtZAAEAGjk7AqAEHNFkni8+gAFCVL\/AiAAAAALAC\/\/+toQAAAgQFtAEDAwUBAQgKH2T3IAAAAAAEAgAA"}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049510947,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwBQz6CC\/YxQlS\/wI6ASRerkyQAAAgQFtAQCCAqtiNcHH2T3IAEDAwg="}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049516159,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049516159,"pkt":"gCqoTGHM5JjWH70UCABFAAA0TN5AAEAG0FLAqAEHNFkni8+gAFCVL\/Ajgv2MUYAQEBVJOgAAAQEICh9k91KtiNcH"}
-01377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049518619,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":3285032704,"pkt_caplen":715,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":715,"pkt_l4_len":681,"thread_ts_usec":1484319049518619,"pkt":"gCqoTGHM5JjWH70UCABFAAK9sclAAEAGaN7AqAEHNFkni8+gAFCVL\/Ajgv2MUYAYEBXtIwAAAQEICh9k91StiNcHUE9TVCAvbXNsL25yZGpzLzIuMS4yIEhUVFAvMS4xDQpIb3N0OiBhcGktZ2xvYmFsLm5ldGZsaXguY29tDQpYLUdpYmJvbi1DYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXB0OiAqLyoNClgtTmV0ZmxpeC5yZXF1ZXN0LmV4cGlyeS50aW1lb3V0OiAxNTAwMA0KWC1BbGxvd0NvbXByZXNzaW9uOiBmYWxzZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KWC1OZXRmbGl4LnJlcXVlc3QuYXR0ZW1wdDogMQ0KQ29udGVudC1MZW5ndGg6IDg0MTYNClgtQ2xpZW50LVJlcXVlc3QtSWQ6IDE4NDQ2MzU2MTMzMDg2MjYxNjEyDQpVc2VyLUFnZW50OiBBcmdvLzkwMCBDRk5ldHdvcmsvODA4LjIuMTYgRGFyd2luLzE2LjMuMA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ29va2llOiBtZW1jbGlkPTcwMWFkMzEyLTQ4MDEtNDdlNy1hYzAwLWNiMzdhZTJmNGFmZjsgbmZ2ZGlkPUJRRm1BQUVCRUpYJTJGOEFodHlLbFRicmt0TUhUSWRITkFYbUJNMFpuUEY2NDJwZW5HVEhPaXQzeDlyVTBwTG0wS0s3ZDhtb0J5ZDFROW9Fc2FRT1UwNXkxJTJGT1RRWWRPODZVVDFZVlVOTGpxVUR1WEU2V3MzVTdRJTNEJTNEDQoNCg=="}
-01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049518619,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":649,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049518619,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","http": {"url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}}
-02445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049529760,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":3285032704,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1484319049529760,"pkt":"gCqoTGHM5JjWH70UCABFAAXcGHxAAEAG\/wzAqAEHNFkni8+gAFCVL\/Ksgv2MUYAQEBU48AAAAQEICh9k91StiNcHeyJoZWFkZXJkYXRhIjoiZXlKamFYQm9aWEowWlhoMElqb2labkJwTWprNE1IVlpRbThyZDNkSlNYQnNjMWhMS3paQ1ZFaERhM2RrYTFOU09XbFVUbWx3TVVZMU9XVlRiV3BUYVd4VVRta3ZORlJQYnpSeFFsUk1ZVmh4VlZkUmFFNUtjQ3RaUzA5VVkyVlJVVkJVYVZWbmFVOVRaM1F5YmpjeWNFOVdhRlZhVW5GMWJuVm9TMmRZVHpaSWRqVkJWamR0ZVRZcmFWUnROVUZvU2t4TFZsTmtWMDFYVkd3eGRTOUJjbTR4ZUdSTFZtaHBjSGsxT0hSeVdrRnZlaXRDY3pKSVR6ZFJWVEJvZW0xWk9ERnRjR1JNZUcxYWFUSjZWSGhNYzNWd0wxWlVTRWhNT0hNNGIwNDJjVkpwWW5sWGNuVk9kRkV4Y21adVNsTndlbkp1UzJSck1VdHBLMWxVYmxOMFNqWTVkMEk1VUhBd2RpdHVObmhKZW5wRlMwTlRaRkpHVVdwNE56ZFZVbGRWYTI1VVZGUTBjWFpEY25BMlUwNXFOMGhaTjB0YWVpOTFUV3BKT1ZscU4xSlJZMWx3T0hKMU0xUTRjMDFEY2pCU2EzRm1SVVV2VHpCVU5VWlRPRFpyUTJkcVJXZFNSVlJFV1d0UmMzZE1jSGxCYW5ZdlYxZEtNazl3U0U5eE9HRk5iM3BMZERRd1Rqa3JaMnhyTnpSTU1UbGtkbUpQTXpOdlRFWnNNRUpEU1hadU5ISnhhaXRST1VGb1VtWndaMFZqWldoRFZWTllPV3RVZUZsMlduRmhTMHBzUkdVNFFUSjFUV0UwYjNaNlkwMWxhMEozWlRkc1JIazFNa042ZDBGR1NtWlhlbVl6YWxWUlZVMXllalZFUjJkWWVXRlJhVlp5UjFOaGREVnRSek4xUmtVMksyeHhaVEEwT1ZSUFVqaEZLMGRRV1d4eFptcGFiRTl5Vm0xQk1sTldlVWhLZGpkMVYwVkVNV1lyTTFWa00wNVBXamQzTVZWV2NYTTNaaTlpUTNnNWRuRjVVbGhWV0M4cmMwRjJNMUp1TkRNM2IzZHdlV0phY2pWSFFWZFRNRWhTYUhGemNtSXpURGxSY0VjNFIyNXFSamxOWTBwT1owMU9aVEZvSzNSb1JtcElaRzVZT0hsb1VrNXlVVmhDUWxoRFZXUk1aVnByU1dkR01qUkJia3RDUlc1RWFtazVWRTF6YTBwalpuUldWMWhOYUVWVlprdFZNV0o1ZGk5RFdXTlhVWFpEWVdSNFUzQlJOR1JQY2tkV1NVMUhWME4xWm5SalVrOTJWV1pPZFZRM01taG1SMFZ3UldaVVJrc3JaV3d5VkRoTFVFcHliMWRNYlVoeVVrdE5SM0ZYZGxSV1REaHdabGhrZG1OcGFVSldRMmhOZDNGTWEzRm5PV1UyVjNsWVZWRXJibWs1T1hGc2NHWkZkbWMyYXl0MUsyeDZjRXcxWVVOcFUwZHlaMHgwV0VkNlNXVk9OMWt2V1Vwc01VeFJhMWhYYW5oTlkzRXZNMFkyUlV0eE9GTnFkakJ6UzJkMWVuaG1URkJpWVVkd1FuSmFXV1pKZFZGWmR6RXlVMlJVU1dsNFZHSmtjbEZaWVVsRk9HMVlXRE5rTXk5UFNVcEZSM2xxZVRaeE9FVkdXWHBIS3pkM2NVODVZa1F5YkdkSlNEQnVXV3hEYm01MmIyWnZlamsxYzNBek9WUnRXbnAwZGpsMFRFbzNPVWRTTjNCeWJYTlpZemhRVGpseWJHNTZPRWgzVGpKMGRUZzNhVmhsZDFWbU1qQjBkRVJVU1ZWNFF6WnVTMWRIVEZBcmVrSmxPRUoxVjFVMU1VTjNjbE5DYjBseFp6RnRPVU12WVhkaVZXRmhUVlE1ZGtseFltRlpjR1V3Um5sRlE="}
-01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":878,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":2,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049580164,"flow_dst_last_pkt_time":1484319049578403,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4993,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049580164,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","http": {"url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049641053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049641053,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049641053,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319049641053,"pkt":"gCqoTGHM5JjWH70UCABFAABCJHQAAP8RE97AqAEHwKgBAcoQADUALkrZBBoBAAABAAAAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAE="}
-01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049641053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049641053,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a803.dscg.akamai.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049645637,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319049645637,"pkt":"gCqoTGHM5JjWH70UCABFAABCunsAAEARPNfAqAEHwKgBAcx7ADUALmwlX+cBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="}
-01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049645637,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-02209{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":889,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319049640319,"flow_dst_last_pkt_time":1484319049653906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":23168,"midstream":0,"thread_ts_usec":1484319049653906,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":590,"avg":428029.7,"max":6030936,"stddev":1231580.9,"var":1516791529472.0,"ent":2.3,"data": [22448,28943,26758,57708,590,13165,40076,31828,42757,26526,25526,50240,53221,30909,25521,54871,53768,27167,52693,79537,53772,544724,1519985,11557,27351,27280,28765,635381,3643850,6030936,1068]},"pktlen": {"min":52,"avg":795.6,"max":1500,"stddev":706.6,"var":499284.2,"ent":4.3,"data": [64,60,52,298,52,1500,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,80,80,80,72,64,52,52,297,1500,1500]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1],"entropies": [4.570159912,5.187539101,5.118428230,5.866323471,5.308815956,7.539054394,7.823310852,5.094483852,7.811959267,5.038779736,7.799767494,7.796337128,5.156889439,7.762200832,7.778352737,7.834424973,7.823929787,7.799146652,7.830269337,7.869925976,7.880800724,7.877037048,5.357215405,5.224027157,5.307214737,5.376956940,5.259624004,5.233813286,5.195351601,5.825244904,7.190491676,7.824782848]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1484319049665892,"pkt":"5JjWH70UgCqoTGHMCABFAABi4UdAAEAR1erAqAEBwKgBBwA1yhAATkFkBBqBgAABAAIAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAHADAABAAEAAAAMAAS4GcwYwAwAAQABAAAADAAEuBnMKA=="}
-01055{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319049665892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a803.dscg.akamai.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.24"}}}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049672494,"flow_dst_last_pkt_time":1484319049672494,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049672494,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049672494,"flow_dst_last_pkt_time":1484319049672494,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319049672494,"pkt":"gCqoTGHM5JjWH70UCABFAABAS8NAAEAGqRPAqAEHuBnMGM+hAFBgKjK0AAAAALAC\/\/92\/gAAAgQFtAEDAwUBAQgKH2T36AAAAAAEAgAA"}
-00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049681348,"flow_idle_time":200000000,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_usec":1484319049681348,"pkt":"5JjWH70UgCqoTGHMCABFAAFl4UhAAEAR1ObAqAEBwKgBBwA1zHsBUaLnX+eBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAHADAAFAAEAAABiAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAFYABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANChyo8BNABwAAQAAABcAECYgAQhwDwAAAAAAADQoMS\/ATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KQT4wE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCk7ncBNABwAAQAAABcAECYgAQhwDwAAAAAAADQnRIjATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KBwAwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCh7ccBNABwAAQAAABcAECYgAQhwDwAAAAAAADQoNhw="}
-01061{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049681348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1484319049681348,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","dns": {"num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}}}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049684933,"flow_dst_last_pkt_time":1484319049684933,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049684933,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049684933,"flow_dst_last_pkt_time":1484319049684933,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319049684933,"pkt":"gCqoTGHM5JjWH70UCABFAABAHF1AAEAGFLrAqAEHNr8RM8+qAbupwyRaAAAAALAC\/\/92fwAAAgQFtAEDAwUBAQgKH2T39AAAAAAEAgAA"}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049672494,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049697401,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lq4GcwYwKgBBwBQz6GV0BcIYCoytaAScSDlwwAAAgQFtAQCCAr\/\/IQ4H2T36AEDAwU="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049700208,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049700208,"pkt":"gCqoTGHM5JjWH70UCABFAAA0bmdAAEAGhnvAqAEHuBnMGM+hAFBgKjK1ldAXCYAQEBV1gAAAAQEICh9k+AH\/\/IQ4"}
-00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":3285032704,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1484319049703194,"pkt":"gCqoTGHM5JjWH70UCABFAAEMARZAAEAG8vTAqAEHuBnMGM+hAFBgKjK1ldAXCYAYEBWbUgAAAQEICh9k+AP\/\/IQ4R0VUIC90cGEzLzYxNi8yMDQxNzc5NjE2LmJpZiBIVFRQLzEuMQ0KSG9zdDogdHAuYWthbS5uZmx4aW1nLmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogQXJnby85MDAgQ0ZOZXR3b3JrLzgwOC4yLjE2IERhcndpbi8xNi4zLjANCg0K"}
-01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049703194,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049725869,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049725869,"pkt":"5JjWH70UgCqoTGHMCABFIAA0k1dAADwGZWu4GcwYwKgBBwBQz6GV0BcJYCozjYAQA6uA6gAAAQEICv\/8hF4fZPgD"}
-00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049684933,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049740377,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z6pwpjzKqcMkW6ASOJCp2gAAAgQFtAQCCAqtikoKH2T39AEDAwg="}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049743556,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049743556,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ddRAAEAGu07AqAEHNr8RM8+qAbupwyRbcKY8y4AQEBUA7QAAAQEICh9k+CqtikoK"}
-01204{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319049748048,"pkt":"gCqoTGHM5JjWH70UCABFAAI5KeBAAEAGBT7AqAEHNr8RM8+qAbupwyRbcKY8y4AYEBVJ9gAAAQEICh9k+C6tikoKFgMBAgABAAH8AwPYXvBe7OTKRo\/HluRIJZi3JSt\/Gg\/Ui4yLFjBV5BYvDAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049748048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-01247{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049753726,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049753726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807153,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049807153,"pkt":"5JjWH70UgCqoTGHMCABFIAA0dtFAACoG0DE2vxEzwKgBBwG7z6pwpjzLqcMmYIAQAD0OrAAAAQEICq2KShofZPgu"}
-01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":920,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807663,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049807663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-01615{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":923,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049850914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319049850914,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050652467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319050652467,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050652467,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319050652467,"pkt":"gCqoTGHM5JjWH70UCABFAABA2xBAAEAGenHAqAEHF\/YLkc+rAFC8XkCtAAAAALAC\/\/9pzAAAAgQFtAEDAwUBAQgKH2T7jgAAAAAEAgAA"}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319050677236,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmYX9guRwKgBBwBQz6susPTdvF5ArqAS\/\/\/2WQAAAgQFtAEDAwkEAggKRVwbeB9k+44="}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1484319050678757,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319050678757,"pkt":"gCqoTGHM5JjWH70UCABFAAA0kSxAAEAGxGHAqAEHF\/YLkc+rAFC8XkCuLrD03oAQEBUU+gAAAQEICh9k+6dFXBt4"}
-00987{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":3285032704,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_usec":1484319050682551,"pkt":"gCqoTGHM5JjWH70UCABFAAGY\/5JAAEAGVJfAqAEHF\/YLkc+rAFC8XkCuLrD03oAYEBUr\/wAAAQEICh9k+6pFXBt4R0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD01eGZZVnRuYTNHZFlYTDcxdU5zNkRaLVg4NFkmcmFuZG9tPTM5MzA3MDgyMjQgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMS4xNDUNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
-01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319050682551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.145","http": {"url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-01196{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050719721,"flow_idle_time":3285032704,"pkt_caplen":581,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":581,"pkt_l4_len":547,"thread_ts_usec":1484319050719721,"pkt":"5JjWH70UgCqoTGHMCABFIAI3AABAADsGWGsX9guRwKgBBwBQz6susPTevF5CEoAQCAIpPgAAAQEICkVcG6AfZPuqSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjUwIEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwOSBNYXIgMjAxNiAxMjoxNDoxNSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMjIxNjM3NTg4O2gxPTM4MzU3MzQ4NDM7aDI9OTA1OTYwMTAyO2gzPTE4OTE3NzkxNTQ7aDQ9MTIzNDk0MDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE2MzthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-02328{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1008,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319051912595,"flow_dst_last_pkt_time":1484319051940613,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":28027,"midstream":0,"thread_ts_usec":1484319051940613,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3794,"avg":82202.4,"max":651024,"stddev":153564.6,"var":23582076928.0,"ent":3.6,"data": [24769,26290,3794,42485,4828,43771,27157,40474,69366,43854,44827,78254,38808,79815,102619,28781,14718,354324,85041,14066,12423,12747,651024,22850,582496,8619,27490,16417,16392,14698,15077]},"pktlen": {"min":52,"avg":940.8,"max":1500,"stddev":683.5,"var":467159.1,"ent":4.5,"data": [64,60,52,408,567,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,80,1500,1500,1500,1500,64,52,1500,1500,52,1500,52,1500,1500]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1],"entropies": [4.550704956,5.312702179,5.103910923,6.388577938,5.862974167,3.576230049,5.195351124,2.528419971,2.540967226,5.077241421,2.547356844,5.115703106,2.543488026,2.552008152,2.558917999,3.816826105,3.805565357,3.816280365,5.256690979,3.890866995,3.462315798,3.461706400,3.458227158,5.071470261,5.154164314,3.470844507,3.517976761,5.154164314,3.546975851,4.955154419,3.560742617,3.579237461]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052216458,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319052216458,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052216458,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319052216458,"pkt":"gCqoTGHM5JjWH70UCABFAABAN3hAAEAGHxDAqAEHF\/YKi8+sAFBgdy0VAAAAALAC\/\/\/UZQAAAgQFtAEDAwUBAQgKH2UBeQAAAAAEAgAA"}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319052235250,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGW2wX9gqLwKgBBwBQz6xlmlqWYHctFqAS\/\/8JBgAAAgQFtAEDAwkEAggKQI7bkB9lAXk="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1484319052237833,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319052237833,"pkt":"gCqoTGHM5JjWH70UCABFAAA0JFZAAEAGMj7AqAEHF\/YKi8+sAFBgdy0WZZpal4AQEBUnrAAAAQEICh9lAYxAjtuQ"}
-00987{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":3285032704,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_usec":1484319052242977,"pkt":"gCqoTGHM5JjWH70UCABFAAGYZXBAAEAG77\/AqAEHF\/YKi8+sAFBgdy0WZZpal4AYEBXLwAAAAQEICh9lAZFAjtuQR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD0tZGpHWEljYkZCTnp5ZnVncUVXY3JndENweVkmcmFuZG9tPTM0MDczNjA3NzYgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMC4xMzkNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
-01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319052242977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.10.139","http": {"url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-01197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052270991,"flow_idle_time":3285032704,"pkt_caplen":582,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":582,"pkt_l4_len":548,"thread_ts_usec":1484319052270991,"pkt":"5JjWH70UgCqoTGHMCABFIAI4AABAADsGWXAX9gqLwKgBBwBQz6xlmlqXYHcueoAQCAJ9jgAAAQEICkCO27MfZQGRSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjUyIEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwMiBEZWMgMjAxNSAxMTo1NjoxMSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xNjkxOTM1MzA7aDE9MzQ4NzI0MzI0ODtoMj0zNzE0MjA4Mzg0O2gzPTY2MDIzMTMzO2g0PTE4NTY2Mzk4ODk7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxNjQ7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCg0K"}
-02328{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1073,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319053577715,"flow_dst_last_pkt_time":1484319053589492,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":25132,"midstream":0,"thread_ts_usec":1484319053589492,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1043,"avg":88202.9,"max":638852,"stddev":151898.7,"var":23073200128.0,"ent":3.7,"data": [18792,21375,5144,35741,1043,5439,35508,13242,13983,20324,20435,13235,116191,170244,28107,56564,51631,31663,27571,12760,327583,131379,638852,579987,19881,15021,30035,13582,42286,118688,118005]},"pktlen": {"min":52,"avg":851.9,"max":1500,"stddev":697.4,"var":486427.5,"ent":4.4,"data": [64,60,52,408,568,1500,1500,52,1500,52,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,80,1500,80,1500,72,1500,64,52,1500,52,1500]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1],"entropies": [4.451259136,5.200120449,5.003043175,6.363925457,5.826877117,3.573564768,2.540809155,5.079966545,2.553215742,4.950064659,2.546205282,4.961856842,2.557531357,4.985801220,2.554388523,2.558952808,3.302551985,3.777240515,3.820478201,3.802512646,3.817392588,5.302858829,3.877096891,5.277858257,3.521096945,5.267232895,3.547756672,5.124750137,4.947339535,3.545200109,4.894361019,3.575657606]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054101585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319054101585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054101585,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319054101585,"pkt":"gCqoTGHM5JjWH70UCABFAABA9bFAAEAGZ9XAqAEHF\/YDjM+zAFBtwXYMAAAAALAC\/\/99\/AAAAgQFtAEDAwUBAQgKH2UImQAAAAAEAgAA"}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319054132376,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz7OFwt93bcF2DaAS\/\/\/aJAAAAgQFtAEDAwkEAggKhKDK7B9lCJk="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1484319054134077,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319054134077,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mQ1AAEAGxIXAqAEHF\/YDjM+zAFBtwXYNhcLfeIAQEBX4vQAAAQEICh9lCLmEoMrs"}
-00982{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":3285032704,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"thread_ts_usec":1484319054139605,"pkt":"gCqoTGHM5JjWH70UCABFAAGW+VhAAEAGYtjAqAEHF\/YDjM+zAFBtwXYNhcLfeIAYEBWMVgAAAQEICh9lCL6EoMrsR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD0tOHU0dmxjUHVGcWNPTG5MeWI5RER0Sy1iQjQmcmFuZG9tPTM1NzUwOTY1NyBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjMuMTQwDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-01388{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319054139605,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.3.140","http": {"url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054176709,"flow_idle_time":3285032704,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":585,"pkt_l4_len":551,"thread_ts_usec":1484319054176709,"pkt":"5JjWH70UgCqoTGHMCABFIAI7AABAADgGY2wX9gOMwKgBBwBQz7OFwt94bcF3b4AQCAIFOAAAAQEICoSgyxgfZQi+SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU0IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwMiBEZWMgMjAxNSAxMzowNDo1NCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xMzQ4NjUzMDQ1O2gxPTI5MjU4ODY1MDk7aDI9MzMxMjc0NzM0OTtoMz0zNTU2NzU4MDYwO2g0PTI0NjkwOTU0ODI7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxNzE7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCg0K"}
-02320{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1132,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054294236,"flow_dst_last_pkt_time":1484319054480080,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":29479,"midstream":0,"thread_ts_usec":1484319054480080,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2187,"avg":18424.1,"max":44333,"stddev":10032.7,"var":100655136.0,"ent":4.7,"data": [30791,32492,5528,44333,2187,41107,2921,12763,15575,14938,14982,12802,12713,26425,12767,11943,13284,17180,31033,13321,13566,25571,14329,13905,26660,13805,13288,27210,13255,13305,27167]},"pktlen": {"min":52,"avg":984.9,"max":1500,"stddev":672.7,"var":452466.1,"ent":4.5,"data": [64,60,52,406,571,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1],"entropies": [4.527114868,5.266787052,5.118428230,6.362258911,5.831311226,3.571949720,5.233812809,2.540643215,2.558721066,5.195351124,2.550262213,5.038779736,2.557194710,2.582848072,5.195351124,2.547422886,5.038780212,2.553757429,2.570932388,5.195351124,2.541049719,5.115703106,3.780845165,3.769821644,3.779848337,3.819229603,3.784283876,3.803048134,3.786687374,3.790169001,3.883657932,3.464622736]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1140,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319054604684,"flow_dst_last_pkt_time":1484319054632485,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":17376,"midstream":0,"thread_ts_usec":1484319054632485,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2986,"avg":319102.6,"max":4093620,"stddev":811857.0,"var":659111739392.0,"ent":2.8,"data": [24907,27714,2986,28468,27857,27840,80258,56838,56993,49295,90365,82473,40903,66540,53920,192092,80506,134732,711253,22984,31289,47833,1645394,40376,54849,160828,1864439,25699,40451,28479,4093620]},"pktlen": {"min":52,"avg":611.1,"max":1500,"stddev":689.4,"var":475329.8,"ent":4.0,"data": [64,60,52,268,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,80,80,80,80,80,80,80,80,72,64,64,52,1500]},"bins": {"c_to_s": [17,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1],"entropies": [4.570159912,5.312702179,5.132945538,5.890671253,5.308815479,5.345861435,5.004974365,5.272274494,6.923064709,5.053297043,7.872980118,5.163660049,7.695485115,7.810632706,7.851381779,7.826048851,7.839385986,7.837315559,7.867424488,5.267898560,5.317898273,5.317898273,5.283462048,5.393421650,5.418421745,5.418421268,5.387294292,5.247972012,5.216578960,5.247828960,5.156889915,7.848117828]},"ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319056204111,"flow_dst_last_pkt_time":1484319056204111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056204111,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056204111,"flow_dst_last_pkt_time":1484319056204111,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056204111,"pkt":"gCqoTGHM5JjWH70UCABFAABAfy9AAEAG1l7AqAEHF\/YLhc+0AFDwxwoWAAAAALAC\/\/9XEAAAAgQFtAEDAwUBAQgKH2UQewAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319056210218,"flow_dst_last_pkt_time":1484319056210218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056210218,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056210218,"flow_dst_last_pkt_time":1484319056210218,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056210218,"pkt":"gCqoTGHM5JjWH70UCABFAABAc11AAEAG4jDAqAEHF\/YLhc+1AFCjZhjfAAAAALAC\/\/+VoQAAAgQFtAEDAwUBAQgKH2UQgQAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1233,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319056214323,"flow_dst_last_pkt_time":1484319056214323,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056214323,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056214323,"flow_dst_last_pkt_time":1484319056214323,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056214323,"pkt":"gCqoTGHM5JjWH70UCABFAABAlQtAAEAGwHrAqAEHF\/YLjc+2AFBDrGT6AAAAALAC\/\/+pMwAAAgQFtAEDAwUBAQgKH2UQhQAAAAAEAgAA"}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056204111,"flow_dst_last_pkt_time":1484319056215779,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056215779,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz7RnATKV8McKF6AS\/\/8JWwAAAgQFtAEDAwkEAggKNWmPpR9lEHs="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056219771,"flow_dst_last_pkt_time":1484319056215779,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056219771,"pkt":"gCqoTGHM5JjWH70UCABFAAA0oIhAAEAGtRHAqAEHF\/YLhc+0AFDwxwoXZwEyloAQEBUoBwAAAQEICh9lEIg1aY+l"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319056221799,"flow_dst_last_pkt_time":1484319056221799,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056221799,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056221799,"flow_dst_last_pkt_time":1484319056221799,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056221799,"pkt":"gCqoTGHM5JjWH70UCABFAABAtyBAAEAGnmXAqAEHF\/YLjc+3AFC7qylgAAAAALAC\/\/9syQAAAgQFtAEDAwUBAQgKH2UQiQAAAAAEAgAA"}
-00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056222173,"flow_dst_last_pkt_time":1484319056215779,"flow_idle_time":3285032704,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1484319056222173,"pkt":"gCqoTGHM5JjWH70UCABFAAGaDOxAAEAGR0jAqAEHF\/YLhc+0AFDwxwoXZwEyloAYEBXItgAAAQEICh9lEIo1aY+lR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMW91VmFKcGVRTEJXakdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwXzdsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PUpmRWVmODBLMDJ5bklqTExvaS1IWkIxdVExMCZyYW5kb209MjQ3MzMzNjUxMyBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjEzMw0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
-01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319056222173,"flow_dst_last_pkt_time":1484319056215779,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056222173,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319056232857,"flow_dst_last_pkt_time":1484319056232857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056232857,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056232857,"flow_dst_last_pkt_time":1484319056232857,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056232857,"pkt":"gCqoTGHM5JjWH70UCABFAABA7BpAAEAGaWvAqAEHF\/YLjc+4AFBql8CVAAAAALAC\/\/8mpAAAAgQFtAEDAwUBAQgKH2UQjAAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319056233255,"flow_dst_last_pkt_time":1484319056233255,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056233255,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056233255,"flow_dst_last_pkt_time":1484319056233255,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056233255,"pkt":"gCqoTGHM5JjWH70UCABFAABALEhAAEAGKT7AqAEHF\/YLjc+5AFBMFfUEAAAAALAC\/\/8QsgAAAgQFtAEDAwUBAQgKH2UQkAAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319056233602,"flow_dst_last_pkt_time":1484319056233602,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056233602,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056233602,"flow_dst_last_pkt_time":1484319056233602,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056233602,"pkt":"gCqoTGHM5JjWH70UCABFAABACXBAAEAGTBbAqAEHF\/YLjc+6AFDVkM0AAAAAALAC\/\/+vNgAAAgQFtAEDAwUBAQgKH2UQkwAAAAAEAgAA"}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056210218,"flow_dst_last_pkt_time":1484319056234132,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056234132,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz7VYH\/mqo2YY4KAS\/\/\/lFwAAAgQFtAEDAwkEAggKL5BAHx9lEIE="}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056214323,"flow_dst_last_pkt_time":1484319056234316,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056234316,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7YrOmTYQ6xk+6AS\/\/\/4+gAAAgQFtAEDAwkEAggKJ9gJPh9lEIU="}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1243,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319056234960,"flow_dst_last_pkt_time":1484319056234960,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056234960,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056234960,"flow_dst_last_pkt_time":1484319056234960,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056234960,"pkt":"gCqoTGHM5JjWH70UCABFAABATZFAAEAGB\/XAqAEHF\/YLjc+7AFDfu3VVAAAAALAC\/\/\/8sgAAAgQFtAEDAwUBAQgKH2UQlgAAAAAEAgAA"}
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056235335,"flow_dst_last_pkt_time":1484319056234132,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056235335,"pkt":"gCqoTGHM5JjWH70UCABFAAA09NVAAEAGYMTAqAEHF\/YLhc+1AFCjZhjgWB\/5q4AQEBUDvAAAAQEICh9lEJYvkEAf"}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056236474,"flow_dst_last_pkt_time":1484319056234316,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056236474,"pkt":"gCqoTGHM5JjWH70UCABFAAA0j6xAAEAGxeXAqAEHF\/YLjc+2AFBDrGT7Kzpk2YAQEBUXoQAAAQEICh9lEJgn2Ak+"}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056221799,"flow_dst_last_pkt_time":1484319056237886,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056237886,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7dWBL6lu6spYaAS\/\/\/t4QAAAgQFtAEDAwkEAggKuIfCpR9lEIk="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056241221,"flow_dst_last_pkt_time":1484319056237886,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056241221,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Xt9AAEAG9rLAqAEHF\/YLjc+3AFC7qylhVgS+poAQEBUMigAAAQEICh9lEJq4h8Kl"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319056241489,"flow_dst_last_pkt_time":1484319056241489,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056241489,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056241489,"flow_dst_last_pkt_time":1484319056241489,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056241489,"pkt":"gCqoTGHM5JjWH70UCABFAABAWzRAAEAG+lHAqAEHF\/YLjc+8AFAt4\/K3AAAAALAC\/\/8xJAAAAgQFtAEDAwUBAQgKH2UQmgAAAAAEAgAA"}
-00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056241806,"flow_dst_last_pkt_time":1484319056234316,"flow_idle_time":3285032704,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1484319056241806,"pkt":"gCqoTGHM5JjWH70UCABFAAGaBJdAAEAGT5XAqAEHF\/YLjc+2AFBDrGT7Kzpk2YAYEBUtTQAAAQEICh9lEJsn2Ak+R0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKcG1RSVJla0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhydm5sSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PW1RZk9mOTAtUlkyR2QyaWkyMEtKcENjWVFWayZyYW5kb209MTM0NTY0NjIyOSBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
-01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319056241806,"flow_dst_last_pkt_time":1484319056234316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056241806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-00987{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056253583,"flow_dst_last_pkt_time":1484319056234132,"flow_idle_time":3285032704,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_usec":1484319056253583,"pkt":"gCqoTGHM5JjWH70UCABFAAGZsodAAEAGoa3AqAEHF\/YLhc+1AFCjZhjgWB\/5q4AYEBXhqgAAAQEICh9lEJsvkEAfR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMW91VmFKWjJiTEJDaEdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwX25nSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PVNpeEtRbUxMSk52U2hqLXBmTUwtMmg0UWFxUSZyYW5kb209NzI3NjY2MTA0IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTMzDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319056253583,"flow_dst_last_pkt_time":1484319056234132,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056253583,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319056264215,"flow_dst_last_pkt_time":1484319056264215,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056264215,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056264215,"flow_dst_last_pkt_time":1484319056264215,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056264215,"pkt":"gCqoTGHM5JjWH70UCABFAABAgCRAAEAG1WHAqAEHF\/YLjc+9AFCAerrsAAAAALAC\/\/8WUwAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319056264541,"flow_dst_last_pkt_time":1484319056264541,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056264541,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056264541,"flow_dst_last_pkt_time":1484319056264541,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056264541,"pkt":"gCqoTGHM5JjWH70UCABFAABA6tRAAEAGarHAqAEHF\/YLjc++AFBtOQm6AAAAALAC\/\/\/axQAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"}
-00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056264843,"flow_dst_last_pkt_time":1484319056237886,"flow_idle_time":3285032704,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_usec":1484319056264843,"pkt":"gCqoTGHM5JjWH70UCABFAAGZg0NAAEAG0OnAqAEHF\/YLjc+3AFC7qylhVgS+poAYEBUzwQAAAQEICh9lEJ64h8KlR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSjJUTGh1aUdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwUDdsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PURoMjc4dTJVcEFwT0NHVWo1UnhWOGF6TldYOCZyYW5kb209MzIzNzY1OTUwIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1253,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319056264843,"flow_dst_last_pkt_time":1484319056237886,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056264843,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056222173,"flow_dst_last_pkt_time":1484319056276003,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056276003,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWHQX9guFwKgBBwBQz7RnATKW8McLfYAQCAIfuQAAAQEICjVpj8IfZRCKSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBBdWcgMjAxNSAwODo0OTozMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xMDQzNTI1NDU2O2gxPTM4NjQ4OTgwMTg7aDI9MjgzOTU3NTcwNDtoMz0yMjk3OTE3MjM0O2g0PTEzMDQzMDA3NDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3MjthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056234960,"flow_dst_last_pkt_time":1484319056276405,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056276405,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7vga1YT37t1VqAS\/\/\/ATQAAAgQFtAEDAwkEAggKs1tjeh9lEJY="}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056232857,"flow_dst_last_pkt_time":1484319056276713,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056276713,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7h\/u26MapfAlqAS\/\/8KPAAAAgQFtAEDAwkEAggKFFAqwB9lEIw="}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056233602,"flow_dst_last_pkt_time":1484319056276849,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056276849,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7qJ1p961ZDNAaAS\/\/87aAAAAgQFtAEDAwkEAggKTYEN7B9lEJM="}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056233255,"flow_dst_last_pkt_time":1484319056276985,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056276985,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7nPaH08TBX1BaAS\/\/\/55gAAAgQFtAEDAwkEAggKNK+mZh9lEJA="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056278412,"flow_dst_last_pkt_time":1484319056276405,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056278412,"pkt":"gCqoTGHM5JjWH70UCABFAAA0QtJAAEAGEsDAqAEHF\/YLjc+7AFDfu3VW4GtWFIAQEBXe3gAAAQEICh9lEL6zW2N6"}
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056278683,"flow_dst_last_pkt_time":1484319056276713,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056278683,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gLJAAEAG1N\/AqAEHF\/YLjc+4AFBql8CWf7tujYAQEBUowwAAAQEICh9lEL4UUCrA"}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056278896,"flow_dst_last_pkt_time":1484319056276849,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056278896,"pkt":"gCqoTGHM5JjWH70UCABFAAA0s8BAAEAGodHAqAEHF\/YLjc+6AFDVkM0Bidafe4AQEBVZ9gAAAQEICh9lEL5NgQ3s"}
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056279100,"flow_dst_last_pkt_time":1484319056276985,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056279100,"pkt":"gCqoTGHM5JjWH70UCABFAAA0AZpAAEAGU\/jAqAEHF\/YLjc+5AFBMFfUFz2h9PYAQEBUYcgAAAQEICh9lEL40r6Zm"}
-00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056281344,"flow_dst_last_pkt_time":1484319056276405,"flow_idle_time":3285032704,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1484319056281344,"pkt":"gCqoTGHM5JjWH70UCABFAAGaF7lAAEAGPHPAqAEHF\/YLjc+7AFDfu3VW4GtWFIAYEBXHgQAAAQEICh9lEMGzW2N6R0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSmlYTEJ1Z0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwUGZsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PUpxVGcwTmlBTkluNC1hUnduM3VLdFdkb1E3TSZyYW5kb209MTE0ODk3MDExNSBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
-01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319056281344,"flow_dst_last_pkt_time":1484319056276405,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056281344,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056292083,"flow_dst_last_pkt_time":1484319056276849,"flow_idle_time":3285032704,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_usec":1484319056292083,"pkt":"gCqoTGHM5JjWH70UCABFAAGZMGVAAEAGI8jAqAEHF\/YLjc+6AFDVkM0Bidafe4AYEBWjdwAAAQEICh9lEMFNgQ3sR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSm1VTFJhakdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwZmJsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PXplenJESkRRdmdPMlRpWUMxZFQzaW1INFFDOCZyYW5kb209MTY5NDY3MzA0IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319056292083,"flow_dst_last_pkt_time":1484319056276849,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056292083,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056292112,"flow_dst_last_pkt_time":1484319056276713,"flow_idle_time":3285032704,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1484319056292112,"pkt":"gCqoTGHM5JjWH70UCABFAAGa65tAAEAGaJDAqAEHF\/YLjc+4AFBql8CWf7tujYAYEBXPLgAAAQEICh9lEMQUUCrAR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSnFUSVJxaEdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwX3ZsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PVRuUDU5SkIxd2I1VVRPQ3IwbS1LUVUya0dQbyZyYW5kb209NDEzNDczMTQwMCBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
-01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319056292112,"flow_dst_last_pkt_time":1484319056276713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056292112,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056302728,"flow_dst_last_pkt_time":1484319056276985,"flow_idle_time":3285032704,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"thread_ts_usec":1484319056302728,"pkt":"gCqoTGHM5JjWH70UCABFAAGcdGpAAEAG37\/AqAEHF\/YLjc+5AFBMFfUFz2h9PYAYEBXR6AAAAQEICh9lEMQ0r6ZmR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFJcHlUSUJHakdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwX2JpQ0ZyVWpIV3FoNWlwUUN0emY0T1ZXUSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9OFo3OHZMMmk5T3ppaENBM00xTGluTVljTVk0JnJhbmRvbT0yMzg2NDc1ODM2IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319056302728,"flow_dst_last_pkt_time":1484319056276985,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056302728,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056241489,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056303302,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7wVYmHmLePyuKAS\/\/9RBgAAAgQFtAEDAwkEAggKED1piB9lEJo="}
-01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056241806,"flow_dst_last_pkt_time":1484319056303461,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056303461,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7YrOmTZQ6xmYYAQCAKWwQAAAQEICifYCWMfZRCbSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNSBGZWIgMjAxNiAxMDo0OTozNCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xNDM0ODQ5OTY5O2gxPTE2NzkwMzAyNTk7aDI9ODg3ODQzMjA4O2gzPTQwODQyNzcyNzc7aDQ9MzEyNzQ2MDg0NDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3NDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056253583,"flow_dst_last_pkt_time":1484319056306671,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056306671,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWHQX9guFwKgBBwBQz7VYH\/mro2YaRYAQCAIXVAAAAQEICi+QQFUfZRCbSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBBdWcgMjAxNSAwODo0OTo0MiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMTUyNDYxMTY7aDE9MTQwNDMyNTczMztoMj0xNTU5ODI2NzA0O2gzPTE3MDc5MDAxNTQ7aDQ9MTEwODczNTEzNzsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3MzthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056313756,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056313756,"pkt":"gCqoTGHM5JjWH70UCABFAAA0DEJAAEAGSVDAqAEHF\/YLjc+8AFAt4\/K4FWJh54AQEBVvgQAAAQEICh9lENgQPWmI"}
-00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056314229,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":3285032704,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"thread_ts_usec":1484319056314229,"pkt":"gCqoTGHM5JjWH70UCABFAAGcJw9AAEAGLRvAqAEHF\/YLjc+8AFAt4\/K4FWJh54AYEBUJcgAAAQEICh9lENoQPWmIR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKNXlUTEJDa0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwXzNtQ0ZyVWpIV3FoNWlwUUN0emY0T1ZXUSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9cjVqdG5uRWNSOGhEQ2tQSW1mRWlXcVdBaktrJnJhbmRvbT0xODQ2MjM0NTI0IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319056314229,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056314229,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056264215,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056326114,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz72N4Tx+gHq67aAS\/\/8YZwAAAgQFtAEDAwkEAggKc9HQqh9lEJ4="}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056264541,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056326288,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz749DprObTkJu6AS\/\/9Z3AAAAgQFtAEDAwkEAggKxO\/1DB9lEJ4="}
-01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056264843,"flow_dst_last_pkt_time":1484319056326471,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056326471,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7dWBL6mu6sqxoAQCAIAPQAAAQEICriHwtgfZRCeSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1OTo1NyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0zNDEyNDEzNzk2O2gxPTM3MjM0NTkzOTc7aDI9MjEyNTU1Njc3MztoMz0yNTE0MzMyMzA5O2g0PTMwNjc0Mzg0NzsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3NTthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056327250,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056327250,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BrtAAEAGTtfAqAEHF\/YLjc+9AFCAerrtjeE8f4AQEBU20gAAAQEICh9lEOxz0dCq"}
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056327623,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056327623,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Fj1AAEAGP1XAqAEHF\/YLjc++AFBtOQm7PQ6az4AQEBV4RwAAAQEICh9lEOzE7\/UM"}
-00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056336202,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":3285032704,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"thread_ts_usec":1484319056336202,"pkt":"gCqoTGHM5JjWH70UCABFAAGbxNdAAEAGj1PAqAEHF\/YLjc+9AFCAerrtjeE8f4AYEBVqrAAAAQEICh9lEO5z0dCqR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFMSjJUSUJlcEdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwUGJpQ0ZyVWpIV3FoNWlwUUN0emY0T1ZXUSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9dFRYdTNjNkZuSnRmaTZ6MElKcDNodzhlRHY4JnJhbmRvbT0xMjk0NTQwNzYgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMS4xNDENCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
-01395{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319056336202,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056336202,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":3285032704,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1484319056347066,"pkt":"gCqoTGHM5JjWH70UCABFAAGazfdAAEAGhjTAqAEHF\/YLjc++AFBtOQm7PQ6az4AYEBVtUQAAAQEICh9lEPDE7\/UMR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKWjJWS2hxZ0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhvX2ZsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PUxRN0x5WFNuWmFYS0VIQUhhUlJIay1TN2RLRSZyYW5kb209NDIwOTgxMDYzMyBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
-01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056347066,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
-01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056281344,"flow_dst_last_pkt_time":1484319056358487,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056358487,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7vga1YU37t2vIAQCAIEZwAAAQEICrNbY8AfZRDBSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMTowMTozMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yODYxMDQyNzU7aDE9MjM5MzA0NTg0MTtoMj00MDM0NTM4MzEwO2gzPTE2NTY5NTYxMjI7aDQ9MjQ5OTU3MjMyOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3OTthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056292112,"flow_dst_last_pkt_time":1484319056365336,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319056365336,"pkt":"5JjWH70UgCqoTGHMCABFIAI5AABAADsGWG0X9guNwKgBBwBQz7h\/u26NapfB\/IAQCALntAAAAQEIChRQKwcfZRDESFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1ODozOCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yNTI3ODc2NzIzO2gxPTE4NTMxMDM2MDtoMj0yNjI2NDM0MjQ5O2gzPTc4MTUxOTY2NTtoND0zNzg0NDkyNzc5Ow0KWC1TZXNzaW9uLUluZm86IGFkZHI9NzMuMjAzLjEwNy4yMztwb3J0PTUzMTc2O2FyZ3A9Ni5zTmMwRFhTZjhUSEUzZjR5OFZ1TmxrVEhMc0VuUTFDS2NrQzd1c3cydmJBDQoNCg=="}
-01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056292083,"flow_dst_last_pkt_time":1484319056383550,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056383550,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7qJ1p971ZDOZoAQCAJWkwAAAQEICk2BDjMfZRDBSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1ODoyNSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xMjIzMjI1NzE4O2gxPTIwMzYxMjM3NjI7aDI9MzY2MTI5NzM1NztoMz0xNTYzOTQ3OTU4O2g0PTg2NjYyMTEyMzsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3ODthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056302728,"flow_dst_last_pkt_time":1484319056401774,"flow_idle_time":3285032704,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":585,"pkt_l4_len":551,"thread_ts_usec":1484319056401774,"pkt":"5JjWH70UgCqoTGHMCABFIAI7AABAADsGWGsX9guNwKgBBwBQz7nPaH09TBX2bYAQCAIuwwAAAQEICjSvprMfZRDESFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMTowMToxMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xNDIzMTMyNTA5O2gxPTEzMzc4NDc0ODI7aDI9MTgyMzk5NjUyNjtoMz0zMDE5NjA2NjE3O2g0PTQxMDM4MzQ5NjY7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxNzc7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCg0K"}
-01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056314229,"flow_dst_last_pkt_time":1484319056438162,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056438162,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7wVYmHnLeP0IIAQCAJc5wAAAQEIChA9adofZRDaSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogU3VuLCAyNSBTZXAgMjAxNiAxMDozMzo0MCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMDc1MzA1ODc2O2gxPTE4NjI3MjU3Nzk7aDI9Mjg3NzM5ODUyMjtoMz0yODE2OTEyNTI1O2g0PTE5OTg1MTYxNjsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE4MDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1306,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056336202,"flow_dst_last_pkt_time":1484319056481232,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319056481232,"pkt":"5JjWH70UgCqoTGHMCABFIAI5AABAADsGWG0X9guNwKgBBwBQz72N4Tx\/gHq8VIAQCAJ0XQAAAQEICnPR0PkfZRDuSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1NzoxMyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0zMTQ0MzE0NDtoMT0zNzA4MzgzMjg3O2gyPTM4ODgxMTQyNjc7aDM9MjMzMzc4ODI2NztoND0xODYyMzgzNDIyOw0KWC1TZXNzaW9uLUluZm86IGFkZHI9NzMuMjAzLjEwNy4yMztwb3J0PTUzMTgxO2FyZ3A9Ni5zTmMwRFhTZjhUSEUzZjR5OFZ1TmxrVEhMc0VuUTFDS2NrQzd1c3cydmJBDQoNCg=="}
-01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1309,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056498941,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056498941,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz749DprPbTkLIYAQCAICSgAAAQEICsTv9WUfZRDwSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1NjowNSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMTI4ODE4ODczO2gxPTQxNDYxMDk3OTg7aDI9NDY4ODMxMDcxO2gzPTE2MDgwNTYwNzc7aDQ9NDI2NDEzMTg0MDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE4MjthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-02317{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1458,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319059351882,"flow_dst_last_pkt_time":1484319059371795,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319059371795,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":394,"avg":201312.9,"max":2097549,"stddev":403399.4,"var":162731114496.0,"ent":3.6,"data": [61813,72267,473,134860,394,125851,1162295,73601,899,212949,11519,409208,101075,1892,70852,2097549,79500,52131,129820,120649,42895,59919,67076,69354,174355,284029,29385,65003,252681,150502,125903]},"pktlen": {"min":52,"avg":493.7,"max":1500,"stddev":638.1,"var":407212.3,"ent":3.9,"data": [64,60,52,412,570,1500,52,80,80,80,80,80,80,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,52,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1],"entropies": [4.601409912,5.346035957,5.041505337,6.346901894,5.793770790,4.440931797,5.065449238,5.202858448,5.202857018,5.262294292,5.341651440,5.366651535,5.317899227,5.165874004,5.228374004,5.195351601,4.782721043,5.156889915,4.790072441,5.101186275,4.825405598,4.817777157,5.233812809,4.752513409,5.024262905,4.806689262,5.165874004,5.195351124,5.195351124,4.632717133,5.024262905,4.635102272]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02320{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1536,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319060551613,"flow_dst_last_pkt_time":1484319060618267,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13563,"midstream":0,"thread_ts_usec":1484319060618267,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":135,"avg":280753.9,"max":1046959,"stddev":300914.6,"var":90549583872.0,"ent":4.2,"data": [43730,45845,23628,124789,4917,111637,635898,176069,176,135,41643,37401,940199,857,45449,434520,483806,1046959,74656,202356,418896,472205,955340,169880,525271,694311,167240,252312,98045,326303,148897]},"pktlen": {"min":52,"avg":490.1,"max":1500,"stddev":638.9,"var":408170.9,"ent":3.9,"data": [64,60,52,412,571,1500,52,72,72,64,64,64,52,88,1476,52,52,52,1500,1500,52,52,52,1500,52,52,1500,52,1500,1500,52,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1],"entropies": [4.527114868,5.312702179,5.003043652,6.355251789,5.803568363,4.440690517,5.118427753,5.277718067,5.249940395,5.146419048,5.208919048,5.134624004,5.056021690,4.908463001,4.253908634,5.156889915,5.156889439,5.118427753,4.918218613,4.902011871,5.000318050,5.118427753,5.118427753,4.876659870,4.985801220,5.017560482,4.758782864,4.961856365,4.610503674,4.658255100,5.118427753,4.789437294]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1539,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319060594060,"flow_dst_last_pkt_time":1484319060664663,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319060664663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":569,"avg":284358.9,"max":1636184,"stddev":362564.9,"var":131453321216.0,"ent":4.0,"data": [16087,19422,23622,88585,4002,82236,1105315,26930,21843,19608,569,13093,381586,1636184,66410,119030,421421,408128,882662,90167,143374,490378,519431,92259,120978,487097,597701,217631,227512,270000,221864]},"pktlen": {"min":52,"avg":536.6,"max":1500,"stddev":657.9,"var":432827.8,"ent":3.9,"data": [64,60,52,409,570,1500,52,72,72,72,64,64,64,64,1500,1500,52,64,52,1500,1500,52,52,1500,1500,52,52,1500,52,1500,64,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1],"entropies": [4.538909912,5.333454132,5.142372608,6.390935421,5.823237419,4.453172207,5.118427753,5.333272934,5.385473251,5.387441158,5.216578960,5.208919048,5.216578960,5.228374004,3.805912256,4.418298721,5.156889915,5.072124004,5.233813286,4.401393414,4.419836998,5.233812809,5.195351124,4.383244514,4.387027740,5.233812809,5.209868431,4.311857224,5.000318527,4.386717796,5.240169048,4.585660934]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02340{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1545,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319060695068,"flow_dst_last_pkt_time":1484319060746254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":20790,"midstream":0,"thread_ts_usec":1484319060746254,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4949,"avg":290996.3,"max":1397235,"stddev":314333.5,"var":98805530624.0,"ent":4.2,"data": [23914,25117,18248,72539,4949,71292,152183,249467,985618,26703,1397235,519076,299466,499851,482346,40528,55620,206768,137068,537495,535230,174291,571825,775969,198842,230534,89909,283953,128056,116304,110490]},"pktlen": {"min":52,"avg":716.2,"max":1500,"stddev":699.0,"var":488561.8,"ent":4.2,"data": [64,60,52,409,570,1500,52,1500,52,80,80,1500,72,1500,64,1500,1500,1500,52,1500,52,1500,52,52,1500,52,1500,1500,52,1500,52,1500]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1],"entropies": [4.601409912,5.266787052,5.036415577,6.391139984,5.809580326,4.456539154,5.041504860,4.186237812,4.961856842,5.322779179,5.322779179,4.373055458,5.331886292,4.362320423,5.228374004,4.324150085,4.463343143,4.271175385,5.118428230,4.316685200,5.142372608,4.338371277,5.077241421,5.195351124,4.538278103,5.038779736,4.711270332,4.737337112,5.079966545,4.685406208,5.233812809,4.710971355]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02322{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1562,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319060916913,"flow_dst_last_pkt_time":1484319060915445,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319060916913,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":342,"avg":300105.7,"max":2716440,"stddev":539188.2,"var":290723889152.0,"ent":3.6,"data": [61747,63082,19443,172653,342,153906,1162512,94154,1429,12319,104280,65945,674747,41474,39967,488929,2716440,44869,75746,28743,32797,29468,133613,256105,742961,71312,1131465,569658,135441,73631,104098]},"pktlen": {"min":52,"avg":492.6,"max":1500,"stddev":638.8,"var":408052.9,"ent":3.9,"data": [64,60,52,410,570,1500,52,80,72,72,72,72,72,72,64,52,52,1500,1500,52,1500,52,1500,52,1500,64,52,1500,52,1500,1500,52]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0],"entropies": [4.601409912,5.379369259,5.103910923,6.382707119,5.801897049,4.439589024,5.156889439,5.282214642,5.359663963,5.304108143,5.359663963,5.304108143,5.263877869,5.293623924,5.290874004,5.156889915,5.038779736,4.572134495,4.543495178,5.115703106,4.553971767,4.993616104,4.540792465,4.955154419,4.553669930,5.177669048,5.079966545,4.316857815,4.961856842,4.387219906,4.488969326,5.079966545]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02317{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1566,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319060947278,"flow_dst_last_pkt_time":1484319060861747,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":12102,"midstream":0,"thread_ts_usec":1484319060947278,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":137,"avg":302592.9,"max":3094333,"stddev":556136.4,"var":309287714816.0,"ent":3.7,"data": [19993,22151,5332,69145,137,72224,626011,606979,26604,520264,51479,55493,593239,41657,80288,418048,3094333,65564,425655,469983,40810,84995,52141,54303,117697,383081,387305,709380,53664,73805,158619]},"pktlen": {"min":52,"avg":447.8,"max":1500,"stddev":616.5,"var":380048.7,"ent":3.8,"data": [64,60,52,410,570,1500,52,72,72,72,72,64,64,72,64,52,52,1500,64,64,1500,1500,52,1500,52,1500,52,64,1500,64,1500,52]},"bins": {"c_to_s": [21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0],"entropies": [4.538909912,5.312702179,5.065449715,6.359480381,5.816523552,4.445319176,5.065449238,5.277717590,5.387441635,5.387441635,5.248553276,5.259624004,5.228374004,5.331886292,5.259624004,5.272274494,5.115703106,4.653451920,5.163660049,5.185328960,4.692939758,4.660350800,5.065449715,4.689436913,5.077241898,4.606202602,5.156889439,5.290874004,4.357360840,5.290874004,4.495481014,5.233812809]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02314{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1585,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319061168059,"flow_dst_last_pkt_time":1484319060482194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":12101,"midstream":0,"thread_ts_usec":1484319061168059,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":266,"avg":294252.3,"max":2608516,"stddev":529173.0,"var":280024055808.0,"ent":3.5,"data": [61899,63035,8952,155118,266,150147,1152400,92133,498,591361,113696,141666,52293,522,39853,381137,2608516,28241,68204,27169,29555,26620,56459,81742,44814,43749,497350,496550,1208877,807442,91559]},"pktlen": {"min":52,"avg":449.2,"max":1500,"stddev":615.6,"var":378913.2,"ent":3.8,"data": [64,60,52,411,569,1500,52,80,80,80,80,72,64,64,64,52,64,1500,1500,52,1500,52,1500,1500,52,1500,52,64,52,1500,72,72]},"bins": {"c_to_s": [21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,0,0,0,1,0,0],"entropies": [4.570159912,5.346035480,5.065449715,6.363940239,5.804843426,4.442625046,5.142372608,5.362294197,5.337294102,5.312294006,5.287294388,5.333272934,5.197124004,5.240169048,5.240169048,5.156889439,5.152518272,4.990313053,4.973003864,5.195351124,4.964061737,5.000318050,4.996945381,4.996238232,5.156889439,4.959667683,5.038779736,5.146419048,5.003043175,4.680668831,5.247971535,5.333272934]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02317{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1592,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319061128980,"flow_dst_last_pkt_time":1484319061270358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061270358,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":79,"avg":322294.1,"max":3064500,"stddev":576519.8,"var":332375130112.0,"ent":3.6,"data": [11668,15660,2402,60224,1206,79,57126,107813,316921,313910,536684,811161,71198,122498,693690,84709,585634,3064500,52838,57895,98411,231468,526235,115101,671,585669,117652,1178873,25807,79129,64284]},"pktlen": {"min":52,"avg":495.0,"max":1500,"stddev":637.2,"var":406023.8,"ent":3.9,"data": [64,60,52,410,570,1500,1500,52,52,1500,52,80,80,80,80,72,64,72,1500,72,1500,64,1500,80,64,52,64,52,1500,52,1500,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,1,0,1,1],"entropies": [4.507659912,5.233454227,4.964581966,6.333802700,5.821110249,4.461877346,4.201263905,5.132945538,5.014835358,3.777186632,4.976373672,5.144669533,5.135233879,5.169670582,5.169669628,5.192996979,5.140319824,5.248552799,4.282153130,5.248552322,4.242815018,4.995864868,4.290421486,5.085232735,5.140319824,5.132945538,5.140319824,5.056022167,4.478749752,5.053297043,4.467899799,4.518882275]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1621,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319061706774,"flow_dst_last_pkt_time":1484319061794702,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061794702,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":240,"avg":355944.2,"max":3546297,"stddev":682699.4,"var":466078498816.0,"ent":3.5,"data": [43247,45294,13187,106701,4927,97880,1317695,102059,98186,240,515839,59813,1148424,57207,54890,165165,3546297,68400,92258,155981,131046,69975,95851,103962,104462,205130,729427,91959,551213,1189389,68168]},"pktlen": {"min":52,"avg":493.2,"max":1500,"stddev":638.4,"var":407523.4,"ent":3.9,"data": [64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1],"entropies": [4.515677452,5.333454132,5.041505337,6.377946854,5.816387177,4.450622082,5.118428230,5.366649628,5.366649628,5.359663963,5.333272934,5.387441635,5.387441635,5.293623924,5.290874004,5.322124004,5.272274494,4.440482140,5.209868431,4.489046574,5.014835358,4.480661392,4.471484184,5.233812809,4.471359730,5.062724590,4.458212852,5.290874004,5.233812809,5.000318527,4.395615101,4.444458961]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02323{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1694,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319062638948,"flow_dst_last_pkt_time":1484319062680623,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319062680623,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":414504.9,"max":4457097,"stddev":811357.3,"var":658300731392.0,"ent":3.6,"data": [41445,43452,2932,82082,72,78739,1252127,77707,132171,828,525346,100674,510044,513013,40289,4457097,87034,1392951,522404,574888,39602,91204,57625,58127,138968,449063,380142,69915,139503,473414,516793]},"pktlen": {"min":52,"avg":538.1,"max":1500,"stddev":656.8,"var":431419.8,"ent":3.9,"data": [64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1],"entropies": [4.538909912,5.312702179,5.026988029,6.353898048,5.812767506,4.447575092,5.118428230,5.316649437,5.391650200,5.387441635,5.387441635,5.361050606,5.333272934,5.331886292,5.228374004,5.228374004,4.410194397,4.460495949,5.079966545,5.195351124,4.415517807,4.454523087,5.195351601,4.441005707,5.077241421,4.548726559,5.156889915,4.299219608,4.319707394,5.195351601,5.156889439,4.440834999]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1725,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319062946776,"flow_dst_last_pkt_time":1484319063015567,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":10653,"midstream":0,"thread_ts_usec":1484319063015567,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":682,"avg":435375.1,"max":4431980,"stddev":814478.7,"var":663375511552.0,"ent":3.6,"data": [43856,45826,13429,88623,4898,81946,1250769,92472,118428,682,544165,69196,495457,501654,62886,1143862,28583,39116,4431980,82976,87813,169881,586445,795488,292945,509017,501170,1203523,55860,83014,70669]},"pktlen": {"min":52,"avg":404.2,"max":1500,"stddev":589.2,"var":347103.4,"ent":3.7,"data": [64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500]},"bins": {"c_to_s": [22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1],"entropies": [4.570159912,5.166786671,4.974009037,6.366189480,5.841994762,4.452114582,5.079966545,5.252857208,5.332214355,5.359663963,5.387441635,5.293623924,5.359663486,5.276330948,5.290874004,5.144205093,5.290874004,5.259624004,5.154078960,4.322241306,5.038779736,4.343337059,5.163660049,5.156889439,4.373079300,5.208919048,5.180834293,5.195351124,4.324346066,4.345085144,5.195351124,4.404635906]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01983{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1851,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":136,"avg":1958267.8,"max":30086001,"stddev":7379834.5,"var":54461959503872.0,"ent":1.1,"data": [47011,48359,1676,53080,2562,989,62283,11050,5991,10798,261,350,60341,3416,50128,4429,893,563,55944,50485,306,42722,3984,5077,5232,136,57719,311,30033380,30086001,822]},"pktlen": {"min":52,"avg":380.0,"max":1500,"stddev":556.9,"var":310128.2,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52]},"bins": {"c_to_s": [9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1],"entropies": [4.484876633,5.289900780,5.078045845,5.808425426,5.131024837,7.255376339,7.317865372,5.092562675,6.901146412,5.131024361,6.124006748,5.004364967,6.039024830,5.169486046,6.007705688,5.169486046,7.873569965,7.881214619,7.864243507,5.169486046,7.845795155,7.405421257,5.116507530,5.078045845,5.131024361,7.806305885,6.290623188,5.169486046,5.092563152,5.094483852,5.825018406,5.132945538]}}
-01643{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1851,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064590230,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064590230,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319064593980,"flow_dst_last_pkt_time":1484319064593980,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064593980,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064593980,"flow_dst_last_pkt_time":1484319064593980,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064593980,"pkt":"gCqoTGHM5JjWH70UCABFAABAVrtAAEAG\/srAqAEHF\/YLjc\/AAFDz13keAAAAALAC\/\/\/FywAAAgQFtAEDAwUBAQgKH2UvkwAAAAAEAgAA"}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1911,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064593980,"flow_dst_last_pkt_time":1484319064620050,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064620050,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz8BQi7Oi89d5H6AS\/\/+uwwAAAgQFtAEDAwkEAggKYvDA2R9lL5M="}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064620707,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064620707,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz78\/hnHMawMzk6AS\/\/+duQAAAgQFtAEDAwkEAggKbx\/u9B9lL5E="}
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064621471,"flow_dst_last_pkt_time":1484319064620050,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064621471,"pkt":"gCqoTGHM5JjWH70UCABFAAA0SOFAAEAGDLHAqAEHF\/YLjc\/AAFDz13kfUIuzo4AQEBXNXwAAAQEICh9lL7Bi8MDZ"}
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1914,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064621745,"flow_dst_last_pkt_time":1484319064620707,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064621745,"pkt":"gCqoTGHM5JjWH70UCABFAAA0y1dAAEAGkjvAqAEHF\/YDjM+\/AFBrAzOTP4ZxzYAQEBW8UwAAAQEICh9lL7BvH+70"}
-01193{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1916,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064624064,"flow_dst_last_pkt_time":1484319064620050,"flow_idle_time":3285032704,"pkt_caplen":575,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":575,"pkt_l4_len":541,"thread_ts_usec":1484319064624064,"pkt":"gCqoTGHM5JjWH70UCABFAAIx\/M5AAEAGVsbAqAEHF\/YLjc\/AAFDz13kfUIuzo4AYEBXADAAAAQEICh9lL7Ji8MDZR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wycHVOUUpKcVRJUnFoR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBfdmxIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9VG5QNTlKQjF3YjVVVE9DcjBtLUtRVTJrR1BvIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtMjA1OA0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1916,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319064624064,"flow_dst_last_pkt_time":1484319064620050,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064624064,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
-01188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1917,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064634961,"flow_dst_last_pkt_time":1484319064620707,"flow_idle_time":3285032704,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1484319064634961,"pkt":"gCqoTGHM5JjWH70UCABFAAIt069AAEAGh+rAqAEHF\/YDjM+\/AFBrAzOTP4ZxzYAYEBUSvwAAAQEICh9lL7NvH+70R0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wtcC1WZUlaNldLUnEtWDZMTXZhTHFneFdCQ3VGYmgwOU1wcmVPUlVVT081VHgxNjgzSFBuTFk2QlBqTl85bWxEdVlpaEdab1h1OXUwb3pIOFJGaW9CTl9KRE5pUnNjaWRqdm9TZFdtbHlaZ1BOYW5zVzBsa0JyNFg4MUh2bG9PaThCU19leFZTUGhNeUpRVEI1Ymcmdj0zJmU9MTQ4NDM0Nzg1MCZ0PS04dTR2bGNQdUZxY09Mbkx5YjlERHRLLWJCNCBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjMuMTQwDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtODk4DQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogQXBwbGVDb3JlTWVkaWEvMS4wLjAuMTRDOTIgKGlQaG9uZTsgVTsgQ1BVIE9TIDEwXzIgbGlrZSBNYWMgT1MgWDsgZW5fdXMpDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpBY2NlcHQtRW5jb2Rpbmc6IGlkZW50aXR5DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-01415{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1917,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319064634961,"flow_dst_last_pkt_time":1484319064620707,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":505,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":505,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064634961,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.3.140","http": {"url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
-01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064624064,"flow_dst_last_pkt_time":1484319064666580,"flow_idle_time":3285032704,"pkt_caplen":635,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":635,"pkt_l4_len":601,"thread_ts_usec":1484319064666580,"pkt":"5JjWH70UgCqoTGHMCABFIAJtAABAADsGWDkX9guNwKgBBwBQz8BQi7Oj89d7HIAQCAKAjwAAAQEICmLwwQkfZS+ySFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTowNCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjA1OQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1ODozOCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0zODc0NDA1MjkxO2gxPTE2OTUxOTc4MzY7aDI9MzkxNzk2ODQ1MztoMz0xNjgzNjM2NjM2O2g0PTEyNTE5MTU3NTQ7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxODQ7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCkNvbnRlbnQtUmFuZ2U6IGJ5dGVzIDAtMjA1OC81MTgzODA5MA0KDQo="}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064669455,"flow_dst_last_pkt_time":1484319064669455,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064669455,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064669455,"flow_dst_last_pkt_time":1484319064669455,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064669455,"pkt":"gCqoTGHM5JjWH70UCABFAABAhwJAAEAGqhTAqAEHNr8RM8\/JAbsptVYdAAAAALAC\/\/+MwgAAAgQFtAEDAwUBAQgKH2Uv3QAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064671268,"flow_dst_last_pkt_time":1484319064671268,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064671268,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064671268,"flow_dst_last_pkt_time":1484319064671268,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064671268,"pkt":"gCqoTGHM5JjWH70UCABFAABAbOBAAEAGxDbAqAEHNr8RM8\/SAbtTxg2UAAAAALAC\/\/+rMAAAAgQFtAEDAwUBAQgKH2Uv3gAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064683828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064683828,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064683828,"flow_idle_time":200000000,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1484319064683828,"pkt":"gCqoTGHM5JjWH70UCABFAABFcJ0AAP8Rx7HAqAEHwKgBAe4iADUAMSObED0BAAABAAAAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAE="}
-01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064683828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064683828,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ichnaea.geo.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1926,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064634961,"flow_dst_last_pkt_time":1484319064684712,"flow_idle_time":3285032704,"pkt_caplen":632,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":632,"pkt_l4_len":598,"thread_ts_usec":1484319064684712,"pkt":"5JjWH70UgCqoTGHMCABFIAJqAABAADgGYz0X9gOMwKgBBwBQz78\/hnHNawM1jIAQCALNywAAAQEICm8f7y8fZS+zSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTowNCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogODk5DQpMYXN0LU1vZGlmaWVkOiBXZWQsIDAyIERlYyAyMDE1IDEzOjA0OjU0IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUNClByYWdtYTogbm8tY2FjaGUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IFgtVENQLUluZm8sWC1TZXNzaW9uLUluZm8NClgtVENQLUluZm86IGgwPTE4NzYyODM3MjU7aDE9NDA2NDkwMzk0NDtoMj00MDQyNzE1Mjg1O2gzPTU1ODU2Mjg0MztoND0zODg1NTExNTIyOw0KWC1TZXNzaW9uLUluZm86IGFkZHI9NzMuMjAzLjEwNy4yMztwb3J0PTUzMTgzO2FyZ3A9Ni5zTmMwRFhTZjhUSEUzZjR5OFZ1TmxrVEhMc0VuUTFDS2NrQzd1c3cydmJBDQpDb250ZW50LVJhbmdlOiBieXRlcyAwLTg5OC8zMjQ2ODMzNQ0KDQo="}
-00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_usec":1484319064699948,"pkt":"5JjWH70UgCqoTGHMCABFAADq4UlAAEAR1WDAqAEBwKgBBwA17iIA1plWED2BgAABAAkAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAMABkHaWNobmFlYQdsYXRlbmN5BnByb2RhYcAYwDUAAQABAAAAFgAENCUk\/MA1AAEAAQAAABYABDQrZhTANQABAAEAAAAWAAQ0Iv+pwDUAAQABAAAAFgAENBhu0sA1AAEAAQAAABYABDQK7rvANQABAAEAAAAWAAQ2RB9SwDUAAQABAAAAFgAENCdXJMA1AAEAAQAAABYABDQobnM="}
-01065{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319064699948,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ichnaea.geo.netflix.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.37.36.252"}}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064711690,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064711690,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064711690,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064711690,"pkt":"gCqoTGHM5JjWH70UCABFAABAfOpAAEAGov3AqAEHNCUk\/M\/TAbvE99WSAAAAALAC\/\/9grAAAAgQFtAEDAwUBAQgKH2UwAgAAAAAEAgAA"}
-01978{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1936,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064712006,"flow_dst_last_pkt_time":1484319034278653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4140,"midstream":0,"thread_ts_usec":1484319064712006,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":74,"avg":1003326.9,"max":30431499,"stddev":5372888.5,"var":28867930619904.0,"ent":0.2,"data": [44924,46321,7446,58250,1844,979,55802,12140,9904,9342,287,206,60460,132,50780,11459,460,157,72134,60865,339,50757,444,15673,16944,136,74,82928,303,146,30431499]},"pktlen": {"min":52,"avg":379.5,"max":1500,"stddev":557.0,"var":310204.4,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52]},"bins": {"c_to_s": [10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0],"entropies": [4.598081589,5.256567001,5.131024837,5.819132805,5.246409416,7.227420330,7.332920074,5.092563152,6.984497547,5.169486046,6.274277210,5.113821983,5.948767662,5.284871101,6.050486565,5.246409416,7.870395660,7.873335838,7.867392540,5.246409416,7.876014709,7.339691162,5.169486046,5.284871101,5.284871101,7.775086403,6.215628147,5.873826027,5.246409416,5.169486046,5.154969215,5.003043175]}}
-01644{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1936,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064712006,"flow_dst_last_pkt_time":1484319034278653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4140,"midstream":0,"thread_ts_usec":1484319064712006,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
-00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064671268,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064722112,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z9JcNkhzU8YNlaASOJDYrwAAAgQFtAQCCAqtilitH2Uv3gEDAwg="}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064669455,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064722814,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z8mqa43KKbVWHqASOJAmtQAAAgQFtAQCCAqtilitH2Uv3QEDAwg="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064723412,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064723412,"pkt":"gCqoTGHM5JjWH70UCABFAAA06mxAAEAGRrbAqAEHNr8RM8\/SAbtTxg2VXDZIdIAQEBUvyAAAAQEICh9lMA6tilit"}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064724096,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064724096,"pkt":"gCqoTGHM5JjWH70UCABFAAA0RtdAAEAG6kvAqAEHNr8RM8\/JAbsptVYeqmuNy4AQEBV9zAAAAQEICh9lMA6tilit"}
-01205{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1942,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319064728551,"pkt":"gCqoTGHM5JjWH70UCABFAAI52vZAAEAGVCfAqAEHNr8RM8\/JAbsptVYeqmuNy4AYEBU\/AQAAAQEICh9lMBGtilitFgMBAgABAAH8AwOssLX4r6P7GP1cyM+\/QL5jcos5eemrJxEB7qfdYiVRRQAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1942,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064728551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-01204{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1943,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319064729673,"pkt":"gCqoTGHM5JjWH70UCABFAAI526xAAEAGU3HAqAEHNr8RM8\/SAbtTxg2VXDZIdIAYEBX36QAAAQEICh9lMBOtilitFgMBAgABAAH8AwM\/Ud3IJ+zS9aVmySryI5irQf+M2+tqC0+UPSJWqvpDqAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1943,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064729673,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1950,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064781140,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGNcw0JST8wKgBBwG7z9NfgzodxPfVk6ASRersYQAAAgQFtAQCCAqFpSALH2UwAgEDAwg="}
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064782652,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064782652,"pkt":"gCqoTGHM5JjWH70UCABFAAA0MmJAAEAG7ZHAqAEHNCUk\/M\/TAbvE99WTX4M6HoAQEBVQwAAAAQEICh9lMEaFpSAL"}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1954,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064783171,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064783171,"pkt":"5JjWH70UgCqoTGHMCABFIAA0EM5AACoGNjU2vxEzwKgBBwG7z9JcNkh0U8YPmoAQAD09hgAAAQEICq2KWL0fZTAT"}
-00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1957,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":3285032704,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1484319064785302,"pkt":"gCqoTGHM5JjWH70UCABFAAEZfjdAAEAGoNfAqAEHNCUk\/M\/TAbvE99WTX4M6HoAYEBXgSwAAAQEICh9lMEiFpSALFgMBAOABAADcAwNYeOlYxBLS5gM2ky3bQNFyoxLviT91lQxxEizDalFYdwAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="}
-01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1957,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064785302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796538,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064796538,"pkt":"5JjWH70UgCqoTGHMCABFIAA01XFAACkGcpE2vxEzwKgBBwG7z8mqa43LKbVYI4AQAD2LiwAAAQEICq2KWL4fZTAR"}
-01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1961,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796989,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064796989,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064823890,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064823890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1963,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064836708,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064836708,"pkt":"5JjWH70UgCqoTGHMCABFIAA0GgVAACoGG880JST8wKgBBwG7z9NfgzoexPfWeIAQAEtfkAAAAQEICoWlIB4fZTBI"}
-01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1964,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064850606,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064850606,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
-01209{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064885811,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064885811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064898548,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064898548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
-01639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1977,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064950196,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319064950196,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
-01995{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2040,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319065388464,"flow_dst_last_pkt_time":1484319065423935,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":23355,"flow_dst_tot_l4_payload_len":2633,"midstream":0,"thread_ts_usec":1484319065423935,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":47531.9,"max":266118,"stddev":57373.9,"var":3291763968.0,"ent":4.0,"data": [53359,54641,4455,73724,451,53617,123531,11602,72543,62717,1529,55777,52363,2209,208,426,218,96299,96364,227,131,105,82592,81689,880,205,155,38176,40581,146597,266118]},"pktlen": {"min":52,"avg":865.4,"max":1500,"stddev":680.5,"var":463015.4,"ent":4.4,"data": [64,60,52,569,52,1500,1132,52,178,103,52,1044,106,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,72]},"bins": {"c_to_s": [5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0],"s_to_c": [5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1],"entropies": [4.578626633,5.335815907,5.207947731,4.350263596,5.169486523,7.184256554,7.647752762,5.207947731,6.566578865,6.006330490,5.169486046,7.810021400,6.234852314,5.215455055,7.860099316,7.858446598,7.850243568,7.875246525,5.284871101,7.867991447,7.875946045,7.875228882,7.851313114,5.246409416,7.892469883,7.867894650,7.855500698,7.875078678,7.889169693,7.874140739,7.858912468,5.388828278]}}
-01620{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2040,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319065388464,"flow_dst_last_pkt_time":1484319065423935,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":23355,"flow_dst_tot_l4_payload_len":2633,"midstream":0,"thread_ts_usec":1484319065423935,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
-01992{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2062,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":182,"avg":52521.9,"max":282465,"stddev":58168.2,"var":3383536896.0,"ent":4.2,"data": [50844,52144,6261,61059,40719,74658,170395,11813,79420,67625,2032,57431,55801,1745,844,219,182,82546,79700,249,94600,127478,60574,282465,10583,27617,37968,39882,42871,7730,723]},"pktlen": {"min":52,"avg":552.5,"max":1500,"stddev":629.7,"var":396553.7,"ent":4.0,"data": [64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52]},"bins": {"c_to_s": [10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0],"entropies": [4.598081589,5.369149208,5.169486046,4.365832806,5.154969215,7.171761036,7.662086964,5.169486523,6.518167496,5.984750271,5.100070000,7.782325745,6.202902317,5.246409416,7.867114544,7.871539593,7.857532978,7.870780945,5.078046322,7.856834412,7.434062958,5.154969215,5.154969215,7.833981991,5.246409416,7.884502411,7.878024578,5.246409416,6.160539627,5.207947731,5.791826725,5.094483852]}}
-01620{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2062,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
-01991{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2094,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":59431.0,"max":332646,"stddev":83335.9,"var":6944879104.0,"ent":3.8,"data": [69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549]},"pktlen": {"min":52,"avg":746.1,"max":1500,"stddev":703.8,"var":495333.0,"ent":4.2,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500]},"bins": {"c_to_s": [6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0],"s_to_c": [6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0],"entropies": [4.578626633,5.323234081,5.169486046,5.810972691,5.131024837,7.231025219,7.326107502,5.154969215,6.940334797,5.169486523,6.230382919,5.079339504,6.149899960,5.207948208,5.992234230,5.193430901,7.859437466,7.874912739,7.853219032,5.207947731,7.901949883,7.848706245,7.875315189,7.851129055,5.207947731,7.874441147,7.863263607,7.860793114,7.870314598,5.207947731,7.870880127,7.866354465]}}
-01644{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2094,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
-02321{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2131,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319066015206,"flow_dst_last_pkt_time":1484319066064571,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":19133,"midstream":0,"thread_ts_usec":1484319066064571,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2593,"avg":93284.4,"max":471964,"stddev":119313.2,"var":14235634688.0,"ent":4.1,"data": [26070,27491,2593,46530,5363,49411,29634,29502,8466,38422,5397,39840,38400,39693,140326,138333,356578,206910,471964,29274,417442,40849,81521,44012,43364,83015,187750,28619,25160,184386,25502]},"pktlen": {"min":52,"avg":684.8,"max":1500,"stddev":659.1,"var":434476.8,"ent":4.2,"data": [64,60,52,561,621,1500,52,663,52,567,629,1500,52,1500,52,1500,1500,80,1500,64,52,1500,1500,52,1500,52,1500,72,64,52,1500,1500]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,0,0,0,1,1],"entropies": [4.570159912,5.266787052,5.065449715,6.275901794,5.797811985,4.453124046,5.118428230,4.223619461,5.089393616,6.289565086,5.782683849,3.849286318,5.103911400,6.893377781,5.000318050,7.605064869,7.871351719,5.248013020,7.860187054,5.187250137,5.077241421,7.867404461,7.859804153,5.065449238,7.885848045,5.000318527,7.863960743,5.267232895,5.115169048,5.079966545,7.857268333,7.882204533]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2195,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319065741809,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17969,"midstream":0,"thread_ts_usec":1484319066598421,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5292,"avg":101928.1,"max":730898,"stddev":155663.8,"var":24231225344.0,"ent":4.0,"data": [30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720]},"pktlen": {"min":52,"avg":648.3,"max":1500,"stddev":653.4,"var":426995.3,"ent":4.2,"data": [64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0],"entropies": [4.476409912,5.212701797,5.156889915,6.230133057,5.778679371,3.867035151,5.079966545,6.195135117,5.745929718,3.167200804,5.094483852,7.856627464,7.824065208,7.816611290,5.331886292,5.165874004,5.118428230,7.781126976,7.831735134,5.118428230,7.778219700,4.961856365,5.882567406,7.827349663,5.103910923,7.794489861,4.961856365,7.814080238,4.958919048,5.244518280,5.083919048,5.079966545]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319070636683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319070636683,"pkt":"gCqoTGHM5JjWH70UCABFAABAs25AAEAGoh\/AqAEHF\/YLhc\/aAFBx1HGxAAAAALAC\/\/84uwAAAgQFtAEDAwUBAQgKH2VGAgAAAAAEAgAA"}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319070655089,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz9pdV1SucdRxsqAS\/\/+\/OwAAAgQFtAEDAwkEAggKgYtW3h9lRgI="}
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2499,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1484319070656558,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319070656558,"pkt":"gCqoTGHM5JjWH70UCABFAAA0S\/NAAEAGCafAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AQEBXd4QAAAQEICh9lRhWBi1be"}
-01192{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":3285032704,"pkt_caplen":575,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":575,"pkt_l4_len":541,"thread_ts_usec":1484319070660268,"pkt":"gCqoTGHM5JjWH70UCABFAAIxzrJAAEAGhOrAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AYEBUYkAAAAQEICh9lRhiBi1beR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wxb3VWYUpwZVFMQldqR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBfN2xIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9SmZFZWY4MEswMnluSWpMTG9pLUhaQjF1UTEwIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTMzDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtMjAxNg0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319070660268,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
-01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2502,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070683948,"flow_idle_time":3285032704,"pkt_caplen":634,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":634,"pkt_l4_len":600,"thread_ts_usec":1484319070683948,"pkt":"5JjWH70UgCqoTGHMCABFIAJsAABAADsGWEIX9guFwKgBBwBQz9pdV1SvcdRzr4AQCALHHwAAAQEICoGLVvsfZUYYSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MToxMCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjAxNw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBBdWcgMjAxNSAwODo0OTozMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD03MjkyMTg0NzU7aDE9MzQ4NTc3ODU3MDtoMj00MTk0MzEzOTQzO2gzPTExOTYyNjI1MTY7aDQ9Mzc5NzQ1MzgwOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzIxMDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KQ29udGVudC1SYW5nZTogYnl0ZXMgMC0yMDE2LzM1MzY4MzQ3DQoNCg=="}
-02326{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2608,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319072360005,"flow_dst_last_pkt_time":1484319072357645,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":21986,"midstream":0,"thread_ts_usec":1484319072360005,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3710,"avg":111105.9,"max":530041,"stddev":160200.4,"var":25664157696.0,"ent":3.9,"data": [18406,19875,3710,28859,18073,45753,41559,39617,18474,45294,5405,31729,29350,29485,41132,41119,82225,87690,42083,64319,51529,299907,159779,515651,435957,526591,530041,39964,69880,40403,40425]},"pktlen": {"min":52,"avg":772.9,"max":1500,"stddev":666.8,"var":444580.8,"ent":4.3,"data": [64,60,52,561,620,1500,52,621,52,567,629,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,80,1500,64,1500,52,1500,1500,52,1500,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,1,0,1,0,1,0,1,1,0,1,0],"entropies": [4.488204956,5.300120354,5.156889915,6.256848335,5.804110050,4.454978466,5.233812809,4.247903824,5.156889915,6.243398190,5.778408527,3.438887596,5.156889915,7.007576466,5.077241421,6.349354744,3.910008192,5.103911400,7.877290249,7.845316887,7.839955807,7.878695488,5.416651249,7.863180637,5.208919048,7.866981983,5.156889915,7.868912697,7.868783951,5.233812809,7.847263813,5.077241421]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00954{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319068012841,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319080860682,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032866374,"flow_dst_last_pkt_time":1484319032884052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":562,"midstream":0,"thread_ts_usec":1484319080860682,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319035004050,"flow_src_last_pkt_time":1484319035004050,"flow_dst_last_pkt_time":1484319035024355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1484319080860682,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319032882949,"flow_src_last_pkt_time":1484319032882949,"flow_dst_last_pkt_time":1484319032884500,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1484319080860682,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319043002781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1484319090890868,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4178,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319036827113,"flow_src_last_pkt_time":1484319036827113,"flow_dst_last_pkt_time":1484319036847572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1484319090890868,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091296070,"flow_dst_last_pkt_time":1484319091296070,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319091296070,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1484319091296070,"flow_dst_last_pkt_time":1484319091296070,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319091296070,"pkt":"gCqoTGHM5JjWH70UCABFAABAakNAAEAG60LAqAEHF\/YLjc\/hAFDAgDYQAAAAALAC\/\/\/YUQAAAgQFtAEDAwUBAQgKH2WTUQAAAAAEAgAA"}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4216,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1484319091296070,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319091309083,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz+FsswOfwIA2EaAS\/\/85DQAAAgQFtAEDAwkEAggK\/T5Cox9lk1E="}
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4217,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1484319091310850,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319091310850,"pkt":"gCqoTGHM5JjWH70UCABFAAA00UpAAEAGhEfAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAQEBVXuAAAAQEICh9lk1\/9PkKj"}
-01192{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":3285032704,"pkt_caplen":575,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":575,"pkt_l4_len":541,"thread_ts_usec":1484319091314892,"pkt":"gCqoTGHM5JjWH70UCABFAAIxbbBAAEAG5eTAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAYEBVzYQAAAQEICh9lk2L9PkKjR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wycHVOUUpKMlRMaHVpR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBQN2xIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9RGgyNzh1MlVwQXBPQ0dVajVSeFY4YXpOV1g4IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtMjA1OA0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319091314892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
-01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4219,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091339356,"flow_idle_time":3285032704,"pkt_caplen":634,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":634,"pkt_l4_len":600,"thread_ts_usec":1484319091339356,"pkt":"5JjWH70UgCqoTGHMCABFIAJsAABAADsGWDoX9guNwKgBBwBQz+FsswOgwIA4DoAQCAJKIQAAAQEICv0+QsAfZZNiSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjA1OQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1OTo1NyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yOTgzMTEwNzE7aDE9MzMxNjkzMDExMDtoMj0zNjA3NzYxMjI1O2gzPTE1NTc1ODQyMzk7aDQ9MTcxNjMzNjAwOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzIxNzthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KQ29udGVudC1SYW5nZTogYnl0ZXMgMC0yMDU4LzY4Mzk0NTQxDQoNCg=="}
-02312{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":4263,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091784359,"flow_dst_last_pkt_time":1484319091750098,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":23476,"midstream":0,"thread_ts_usec":1484319091784359,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":186,"avg":30397.3,"max":286066,"stddev":49910.1,"var":2491019008.0,"ent":4.0,"data": [13013,14780,4042,30273,839,3652,30261,186,16542,35559,2040,21479,3192,3317,13322,13300,26482,13309,13526,13848,42739,56409,14727,15199,71007,25498,25497,25504,51553,55156,286066]},"pktlen": {"min":52,"avg":819.0,"max":1500,"stddev":665.8,"var":443241.7,"ent":4.4,"data": [64,60,52,561,620,1500,663,52,52,570,629,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,72]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,0],"entropies": [4.538909912,5.333454132,5.156889439,6.262038231,5.768496513,4.449262142,4.226318359,5.012470722,5.065449238,6.248849392,5.763326645,4.335525513,5.142372608,7.149711609,4.961856842,7.863347054,7.873285294,5.156889915,7.863232136,5.000318050,7.860691547,7.874946594,5.195351124,7.870134830,5.038779736,7.881839275,7.859775066,7.865787983,7.856745243,7.858184338,7.871532917,5.415219307]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00944{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5060,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319100899313,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5060,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048776187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":150,"midstream":0,"thread_ts_usec":1484319100899313,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5060,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049681348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1484319100899313,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6075,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319110907560,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365279,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114365279,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1484319114365279,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319114365279,"pkt":"gCqoTGHM5JjWH70UCABFAABCZ6UAAEARj63AqAEHwKgBAcmmADUALqajKFkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="}
-01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365279,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114365279,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319114365513,"pkt":"gCqoTGHM5JjWH70UCABFAABCN7AAAEARv6LAqAEHwKgBAcmmADUALiWYqUkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="}
-01054{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114365513,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114384308,"flow_idle_time":200000000,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1484319114384308,"pkt":"5JjWH70UgCqoTGHMCABFAAEF4UpAAEAR1UTAqAEBwKgBBwA1yaYA8aaTKFmBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAhAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAEXABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AAQABAAAALwAENCAW1sBNAAEAAQAAAC8ABDQiMaPATQABAAEAAAAvAAQ0GyTuwE0AAQABAAAALwAENCJwJsBNAAEAAQAAAC8ABDQi04bATQABAAEAAAAvAAQ0GRpcwE0AAQABAAAALwAENCDSq8BNAAEAAQAAAC8ABDQi5lM="}
-01064{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114384308,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":233,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":233,"midstream":0,"thread_ts_usec":1484319114384308,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","dns": {"num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.32.22.214"}}}
-00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6403,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114400480,"flow_idle_time":200000000,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_usec":1484319114400480,"pkt":"5JjWH70UgCqoTGHMCABFAAFl4UtAAEAR1OPAqAEBwKgBBwA1yaYBUaZKqUmBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAHADAAFAAEAAAAdAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAEZABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AHAABAAAALQAQJiABCHAPAAAAAAAANpUfRMBNABwAAQAAAC0AECYgAQhwDwAAAAAAADaVT4rATQAcAAEAAAAtABAmIAEIcA8AAAAAAAA2uidXwE0AHAABAAAALQAQJiABCHAPAAAAAAAANroXx8BNABwAAQAAAC0AECYgAQhwDwAAAAAAADZE0xXATQAcAAEAAAAtABAmIAEIcA8AAAAAAAA2ummQwE0AHAABAAAALQAQJiABCHAPAAAAAAAANkTCZ8BNABwAAQAAAC0AECYgAQhwDwAAAAAAADa6im8="}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114406347,"flow_dst_last_pkt_time":1484319114406347,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114406347,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1484319114406347,"flow_dst_last_pkt_time":1484319114406347,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319114406347,"pkt":"gCqoTGHM5JjWH70UCABFAABAaktAAEAGw8fAqAEHNCAW1s\/2Abt+TgYJAAAAALAC\/\/\/LHgAAAgQFtAEDAwUBAQgKH2XpygAAAAAEAgAA"}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6412,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1484319114406347,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319114455348,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG7z\/ZJSmsOfk4GCqASOJAVRAAAAgQFtAQCCAq2sSMxH2XpygEDAwg="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6414,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1484319114457327,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319114457327,"pkt":"gCqoTGHM5JjWH70UCABFAAA03p5AAEAGT4DAqAEHNCAW1s\/2Abt+TgYKSUprD4AQEBVsWgAAAQEICh9l6fy2sSMx"}
-01204{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319114464321,"pkt":"gCqoTGHM5JjWH70UCABFAAI5Y7ZAAEAGyGPAqAEHNCAW1s\/2Abt+TgYKSUprD4AYEBXEQwAAAQEICh9l6gK2sSMxFgMBAgABAAH8AwPYD50dwaa6SBFM+FER3hNsABrlY\/SCFZdiIuSkbU7v5QAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114464321,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6422,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523056,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319114523056,"pkt":"5JjWH70UgCqoTGHMCABFIAA0SDFAACkG\/M00IBbWwKgBBwG7z\/ZJSmsPfk4ID4AQAD16GQAAAQEICraxIz8fZeoC"}
-01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6423,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319114523585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6425,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114556754,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319114556754,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117511945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1484319117511945,"pkt":"gCqoTGHM5JjWH70UCABFAABT2RsAAP8RXyXAqAEHwKgBAct\/ADUAP5\/hcXUBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="}
-01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117511945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"api-global.latency.prodaa.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117538934,"flow_idle_time":200000000,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":1484319117538934,"pkt":"5JjWH70UgCqoTGHMCABFAADT4UxAAEAR1XTAqAEBwKgBBwA1y38Av8eGcXWBgAABAAgAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAcAMAAEAAQAAACsABDQpHgXADAABAAEAAAArAAQ0KVZPwAwAAQABAAAAKwAENCnkd8AMAAEAAQAAACsABDQpn7bADAABAAEAAAArAAQ0J+8jwAwAAQABAAAAKwAENCc7i8AMAAEAAQAAACsABDQo+f3ADAABAAEAAAArAAQ0KRH0"}
-01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117538934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1484319117538934,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"api-global.latency.prodaa.netflix.com","dns": {"num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.41.30.5"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117605859,"flow_dst_last_pkt_time":1484319117605859,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117605859,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117605859,"flow_dst_last_pkt_time":1484319117605859,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319117605859,"pkt":"gCqoTGHM5JjWH70UCABFAABArFRAAEAGeobAqAEHNCkeBc\/3Abv7qhZTAAAAALAC\/\/8qUQAAAgQFtAEDAwUBAQgKH2X1uAAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117651396,"flow_dst_last_pkt_time":1484319117651396,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117651396,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117651396,"flow_dst_last_pkt_time":1484319117651396,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319117651396,"pkt":"gCqoTGHM5JjWH70UCABFAABAO7RAAEAG8l7AqAEHNCAW1tAAAbtmeMEgAAAAALAC\/\/8btwAAAgQFtAEDAwUBAQgKH2X15gAAAAAEAgAA"}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6758,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117605859,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117664151,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG7z\/fOmYqt+6oWVKASOJB9NwAAAgQFtAQCCAqh\/Yo1H2X1uAEDAwg="}
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6761,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117667082,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117667082,"pkt":"gCqoTGHM5JjWH70UCABFAAA0nQxAAEAGidrAqAEHNCkeBc\/3Abv7qhZUzpmKroAQEBXUQwAAAQEICh9l9fSh\/Yo1"}
-01205{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6764,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319117668880,"pkt":"gCqoTGHM5JjWH70UCABFAAI59gxAAEAGLtXAqAEHNCkeBc\/3Abv7qhZUzpmKroAYEBUUlAAAAQEICh9l9feh\/Yo1FgMBAgABAAH8AwNYeOmNAe5Q0hcaTI2Ej50ifhjlODvil\/8YZ4JhR3RxkSAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZuQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAAGNAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMzdAAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQAFAAUBAAAAAAASAAAAFwAAABUA+QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6764,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117668880,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6772,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117651396,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117703150,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG70ABfA575ZnjBIaASOJAZDQAAAgQFtAQCCAq2sSZcH2X15gEDAwg="}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6773,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117704525,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117704525,"pkt":"gCqoTGHM5JjWH70UCABFAAA0fsVAAEAGr1nAqAEHNCAW1tAAAbtmeMEhXwOe+oAQEBVwIwAAAQEICh9l9hi2sSZc"}
-01203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6774,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319117713351,"pkt":"gCqoTGHM5JjWH70UCABFAAI5taBAAEAGdnnAqAEHNCAW1tAAAbtmeMEhXwOe+oAYEBXylgAAAQEICh9l9hq2sSZcFgMBAgABAAH8AwN8q\/ZLhsSOm12ptnIT0OvNxxjn3f9+RlJ5hY7lfSkXAAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6774,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117713351,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6775,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117734717,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117734717,"pkt":"5JjWH70UgCqoTGHMCABFIAA0AOhAACkGPN80KR4FwKgBBwG7z\/fOmYqu+6oYWYAQAD3iAQAAAQEICqH9ikcfZfX3"}
-01210{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6776,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117737656,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117737656,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-01667{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6777,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117738672,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319117738672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6788,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117767728,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117767728,"pkt":"5JjWH70UgCqoTGHMCABFIAA0uJNAACkGjGs0IBbWwKgBBwG70ABfA576ZnjDJoAQAD194wAAAQEICraxJm0fZfYa"}
-01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6789,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117770085,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117770085,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6790,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117771052,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319117771052,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117826887,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117826887,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117826887,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319117826887,"pkt":"gCqoTGHM5JjWH70UCABFAABAF8hAAEAGDxPAqAEHNCkeBdABAbshc+whAAAAALAC\/\/8t3QAAAgQFtAEDAwUBAQgKH2X2iwAAAAAEAgAA"}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117827967,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117827967,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117827967,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319117827967,"pkt":"gCqoTGHM5JjWH70UCABFAABADR1AAEAGGb7AqAEHNCkeBdACAbuRqNIFAAAAALAC\/\/\/XwQAAAgQFtAEDAwUBAQgKH2X2jAAAAAAEAgAA"}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6809,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117879588,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGPL80KR4FwKgBBwG70AFaPMiyIXPsIqASOJC25AAAAgQFtAQCCAqh\/YpsH2X2iwEDAwg="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6810,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117881117,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117881117,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BiRAAEAGIMPAqAEHNCkeBdABAbshc+wiWjzIs4AQEBUN+QAAAQEICh9l9r+h\/Yps"}
-00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6811,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":3285032704,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319117885772,"pkt":"gCqoTGHM5JjWH70UCABFAAEEKuFAAEAG+zXAqAEHNCkeBdABAbshc+wiWjzIs4AYEBUAlAAAAQEICh9l9sOh\/YpsFgMBAMsBAADHAwNYeOmNxGxgi8I9EIqk5oJkWnJI9VweKmO\/JyQkao7GaCDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6811,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117885772,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6812,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117886937,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG70ALhlhIJkajSBqASOJCQFwAAAgQFtAQCCAqh\/YptH2X2jAEDAwg="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6813,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117890575,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117890575,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Pr9AAEAG6CfAqAEHNCkeBdACAbuRqNIG4ZYSCoAQEBXnJgAAAQEICh9l9sWh\/Ypt"}
-00793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":3285032704,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319117892631,"pkt":"gCqoTGHM5JjWH70UCABFAAEEuTxAAEAGbNrAqAEHNCkeBdACAbuRqNIG4ZYSCoAYEBUMGAAAAQEICh9l9seh\/YptFgMBAMsBAADHAwNYeOmNE5tkHrD0G2XjxlOstOMmL3TKkSrM+b+7cNSu7CDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117892631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6820,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117929656,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117929656,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QsRAACoG+gI0KR4FwKgBBwG70AFaPMizIXPs8oAQAD0c8QAAAQEICqH9ingfZfbD"}
-01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6821,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117930548,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117930548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6827,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117941532,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117941532,"pkt":"5JjWH70UgCqoTGHMCABFIAA0mHNAACkGpVM0KR4FwKgBBwG70ALhlhIKkajS1oAQAD32HgAAAQEICqH9insfZfbH"}
-01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117942410,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117942410,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-02301{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6875,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118140455,"flow_dst_last_pkt_time":1484319118145946,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2205,"flow_dst_tot_l4_payload_len":9578,"midstream":0,"thread_ts_usec":1484319118145946,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":140,"avg":20407.3,"max":141407,"stddev":28956.2,"var":838464256.0,"ent":3.9,"data": [52701,54230,4655,50068,892,45987,1145,402,2281,621,48897,36085,58570,140,1031,141407,13303,12185,4698,8739,8491,4498,3692,4536,12375,12816,15153,13884,6123,6182,6840]},"pktlen": {"min":52,"avg":420.8,"max":1500,"stddev":506.4,"var":256458.0,"ent":4.1,"data": [64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707]},"bins": {"c_to_s": [12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.494096756,5.269149303,5.100070000,6.003353119,5.215455055,6.547097206,5.138531685,5.182787418,6.044509888,7.866807461,7.609665394,5.140452385,5.215455055,7.873748302,6.994494438,7.847311020,5.138531685,7.632858276,5.138531685,7.760740280,5.176993370,7.540992260,5.061608315,7.843688965,5.176993370,7.880697250,5.138531685,7.689140797,5.100070000,7.779115677,5.138531685,7.737319469]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118629811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1484319118629811,"pkt":"gCqoTGHM5JjWH70UCABFAABDkmsAAP8RpeXAqAEHwKgBAd8FADUALzVHkfABAAABAAAAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQAB"}
-01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118629811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a1907.dscg.akamai.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118652959,"flow_idle_time":200000000,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1484319118652959,"pkt":"5JjWH70UgCqoTGHMCABFAABj4U1AAEAR1ePAqAEBwKgBBwA13wUATx78kfCBgAABAAIAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQABwAwAAQABAAAADAAEuBnMCsAMAAEAAQAAAAwABLgZzBk="}
-01057{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118652959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1484319118652959,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a1907.dscg.akamai.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.10"}}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319118657433,"flow_dst_last_pkt_time":1484319118657433,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118657433,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1484319118657433,"flow_dst_last_pkt_time":1484319118657433,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319118657433,"pkt":"gCqoTGHM5JjWH70UCABFAABAL91AAEAGxQfAqAEHuBnMCtADAFAmSxL9AAAAALAC\/\/\/OdwAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6899,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118658049,"flow_dst_last_pkt_time":1484319118658049,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118658049,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6899,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1484319118658049,"flow_dst_last_pkt_time":1484319118658049,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319118658049,"pkt":"gCqoTGHM5JjWH70UCABFAABAEThAAEAG46zAqAEHuBnMCtAEAFDFgkYhAAAAALAC\/\/\/8GgAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6901,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1484319118657433,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319118672865,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0APyPQT8JksS\/qAScSAMhgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="}
-00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1484319118674195,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118674195,"pkt":"gCqoTGHM5JjWH70UCABFAAA0XA9AAEAGmOHAqAEHuBnMCtADAFAmSxL+8j0E\/YAQEBWcSwAAAQEICh9l+cD\/\/WqN"}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6903,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1484319118658049,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319118674728,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0ASr4P0LxYJGIqAScSCIdgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="}
-00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6905,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1484319118675789,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118675789,"pkt":"gCqoTGHM5JjWH70UCABFAAA0us1AAEAGOiPAqAEHuBnMCtAEAFDFgkYiq+D9DIAQEBUYOwAAAQEICh9l+cH\/\/WqN"}
-00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":3285032704,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319118676250,"pkt":"gCqoTGHM5JjWH70UCABFAAEppeRAAEAGThfAqAEHuBnMCtADAFAmSxL+8j0E\/YAYEBUliAAAAQEICh9l+cH\/\/WqNR0VUIC80ZTM2ZC82Mjg5ODg5MDIwZDZjYzZkZmIzMDM4YzM1NTY0YTQxZTFjYTRlMzZkLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTEubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
-01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118676250,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","http": {"url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
-00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":3285032704,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319118687774,"pkt":"gCqoTGHM5JjWH70UCABFAAEp1+JAAEAGHBnAqAEHuBnMCtAEAFDFgkYiq+D9DIAYEBXuKgAAAQEICh9l+cj\/\/WqNR0VUIC84YjFmYS9lYWExYjc4Y2Q3MmNhNGRiZGNhYjUyNzY5MWQyZmNhYjM3YzhiMWZhLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTEubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
-01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118687774,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","http": {"url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118700093,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118700093,"pkt":"5JjWH70UgCqoTGHMCABFIAA0blRAADwGiny4GcwKwKgBBwBQ0APyPQT9JksT84AQA6unowAAAQEICv\/9aqkfZfnB"}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118713206,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118713206,"pkt":"5JjWH70UgCqoTGHMCABFIAA0l79AADwGYRG4GcwKwKgBBwBQ0ASr4P0MxYJHF4AQA6sjgwAAAQEICv\/9arMfZfnI"}
-01976{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319118414034,"flow_dst_last_pkt_time":1484319118767393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":7589,"midstream":0,"thread_ts_usec":1484319118767393,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":95,"avg":63539.0,"max":500942,"stddev":121518.7,"var":14766798848.0,"ent":3.3,"data": [58292,61223,1798,70566,2939,1016,71265,11570,12325,13054,147,95,65707,781,52265,3649,191,91649,51753,301,140150,3732,3446,3903,5462,6438,5030,437212,863,500942,291945]},"pktlen": {"min":52,"avg":442.8,"max":1500,"stddev":552.3,"var":305076.8,"ent":4.0,"data": [64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500]},"bins": {"c_to_s": [10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1],"entropies": [4.586286545,5.335815430,5.169486523,4.098951340,5.025067329,7.251211166,7.301212311,5.207947731,7.012731075,5.246409416,6.273766041,5.113821983,5.990005016,5.132945538,5.992234230,5.246409893,7.870625973,7.755266190,5.171407223,7.853860855,7.522392750,5.169486046,7.574260712,5.131024361,7.742949009,5.207947731,5.956426620,5.207947731,7.856410503,7.668289185,5.038780212,7.883280277]}}
-01671{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319118414034,"flow_dst_last_pkt_time":1484319118767393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":7589,"midstream":0,"thread_ts_usec":1484319118767393,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}}
-02208{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6965,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118854817,"flow_dst_last_pkt_time":1484319119584735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":34752,"midstream":0,"thread_ts_usec":1484319119584735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":508,"avg":36240.5,"max":99830,"stddev":21554.2,"var":464585632.0,"ent":4.7,"data": [16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489]},"pktlen": {"min":52,"avg":1146.7,"max":1500,"stddev":613.3,"var":376142.5,"ent":4.7,"data": [64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-02200{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":6990,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120611345,"flow_dst_last_pkt_time":1484319120609765,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":22387,"midstream":0,"thread_ts_usec":1484319120611345,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":241,"avg":126007.9,"max":1416280,"stddev":340787.6,"var":116136157184.0,"ent":2.6,"data": [15432,16762,2055,27228,957,1055,27336,38112,39355,39938,44658,83445,40664,236734,277719,1389753,1416280,268,12835,48683,241,12768,12757,15934,13837,16300,12778,12746,23173,13285,13156]},"pktlen": {"min":52,"avg":767.5,"max":1500,"stddev":698.9,"var":488505.9,"ent":4.3,"data": [64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0],"entropies": [4.464614868,5.187539101,5.079966545,5.914007187,5.270354271,7.264070511,7.801600933,5.195351601,7.847749710,5.032077789,7.834869862,7.811845303,5.118427753,7.846868038,7.676549435,5.195351124,5.834331989,6.944043159,7.534036636,7.785680771,5.062724590,4.993616104,7.810704231,7.840629101,5.024262428,7.853393078,4.863714218,7.836608410,7.849914551,5.062724113,7.841484547,5.053297043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":147,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319110605814,"flow_dst_last_pkt_time":1484319110632202,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1427,"flow_dst_tot_l4_payload_len":193037,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-00908{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319034890998,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118652959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319043002781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00767{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319033215216,"flow_dst_last_pkt_time":1484319033213209,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2185,"flow_dst_tot_l4_payload_len":4385,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00768{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319050696784,"flow_dst_last_pkt_time":1484319050693641,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4473,"flow_dst_tot_l4_payload_len":8193,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00901{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00751{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":46,"flow_dst_packets_processed":25,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319117874656,"flow_dst_last_pkt_time":1484319117873585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":47170,"flow_dst_tot_l4_payload_len":6233,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065592399,"flow_dst_last_pkt_time":1484319065588591,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6786,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319081182418,"flow_dst_last_pkt_time":1484319081180537,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9065,"flow_dst_tot_l4_payload_len":5638,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":26,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319080085510,"flow_dst_last_pkt_time":1484319080083748,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":27820,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00765{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319063913670,"flow_dst_last_pkt_time":1484319063911664,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":601,"flow_dst_tot_l4_payload_len":4205,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":75,"flow_dst_packets_processed":73,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319080084561,"flow_dst_last_pkt_time":1484319080082639,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":26074,"flow_dst_tot_l4_payload_len":38104,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319063914824,"flow_dst_last_pkt_time":1484319063913042,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":923,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":1187,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319113019284,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1976,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":32,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319085476120,"flow_dst_last_pkt_time":1484319085460132,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":41992,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":86,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319077933957,"flow_dst_last_pkt_time":1484319077931072,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":119506,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319075730913,"flow_dst_last_pkt_time":1484319075722109,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-01086{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":147,"flow_dst_packets_processed":490,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319109285016,"flow_dst_last_pkt_time":1484319109283193,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":701998,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00768{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319117555613,"flow_dst_last_pkt_time":1484319117553842,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":4474,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117994811,"flow_dst_last_pkt_time":1484319117992103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4361,"flow_dst_tot_l4_payload_len":4406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":25,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120726362,"flow_dst_last_pkt_time":1484319120717893,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":31755,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":29,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319120053813,"flow_dst_last_pkt_time":1484319119662360,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":39096,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032866374,"flow_dst_last_pkt_time":1484319032884052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":562,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319036827113,"flow_src_last_pkt_time":1484319036827113,"flow_dst_last_pkt_time":1484319036847572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":18,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319073564849,"flow_dst_last_pkt_time":1484319073562707,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":6263,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-01098{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":39,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319073578996,"flow_dst_last_pkt_time":1484319073576827,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4348,"flow_dst_tot_l4_payload_len":35028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319066108619,"flow_dst_last_pkt_time":1484319066106464,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2624,"flow_dst_tot_l4_payload_len":3919,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114400480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":562,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":26,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319119338372,"flow_dst_last_pkt_time":1484319119162139,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":21553,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":27,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118687018,"flow_dst_last_pkt_time":1484319118675176,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4272,"flow_dst_tot_l4_payload_len":18162,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319118041692,"flow_dst_last_pkt_time":1484319118040132,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1384,"flow_dst_max_l4_payload_len":1000,"flow_src_tot_l4_payload_len":2158,"flow_dst_tot_l4_payload_len":2014,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319035004050,"flow_src_last_pkt_time":1484319035004050,"flow_dst_last_pkt_time":1484319035024355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048776187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":150,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117538934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319032882949,"flow_src_last_pkt_time":1484319032882949,"flow_dst_last_pkt_time":1484319032884500,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049681348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":32,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319052229556,"flow_dst_last_pkt_time":1484319052226562,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":41059,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":34,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319054100433,"flow_dst_last_pkt_time":1484319054096359,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":42884,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01075{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":34,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319056189450,"flow_dst_last_pkt_time":1484319056186291,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":42887,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":20,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319063242076,"flow_dst_last_pkt_time":1484319063297170,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":21106,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":25,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319062135981,"flow_dst_last_pkt_time":1484319062134494,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":28406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":19,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319063597246,"flow_dst_last_pkt_time":1484319063594994,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":21166,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":22,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319063369085,"flow_dst_last_pkt_time":1484319063367514,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":26582,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":21,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319064277374,"flow_dst_last_pkt_time":1484319064275757,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":24061,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":23,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319063240640,"flow_dst_last_pkt_time":1484319063283910,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":25147,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":22,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319063764739,"flow_dst_last_pkt_time":1484319063789538,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":24062,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":29,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319063566368,"flow_dst_last_pkt_time":1484319063564465,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":35622,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":21,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319062003848,"flow_dst_last_pkt_time":1484319062000609,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":24062,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":20,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319064484621,"flow_dst_last_pkt_time":1484319064524154,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":21057,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":25,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319063421011,"flow_dst_last_pkt_time":1484319063419225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":28406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01080{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":502,"flow_dst_packets_processed":805,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319117695373,"flow_dst_last_pkt_time":1484319117692528,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6669,"flow_dst_tot_l4_payload_len":1149307,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01079{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":75,"flow_dst_packets_processed":103,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319070693375,"flow_dst_last_pkt_time":1484319070642260,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1540,"flow_dst_tot_l4_payload_len":143966,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01080{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":293,"flow_dst_packets_processed":495,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319117609764,"flow_dst_last_pkt_time":1484319117608195,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":3604,"flow_dst_tot_l4_payload_len":703435,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":667,"flow_dst_packets_processed":1205,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319117694194,"flow_dst_last_pkt_time":1484319117691857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6198,"flow_dst_tot_l4_payload_len":1728337,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319063911876,"flow_dst_last_pkt_time":1484319063910283,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5170,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-00961{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319064012018,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":16,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064790823,"flow_dst_last_pkt_time":1484319064782569,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4171,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":17,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319096924088,"flow_dst_last_pkt_time":1484319096921856,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20856,"flow_dst_tot_l4_payload_len":4094,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","packets-captured":6999,"packets-processed":6999,"total-skipped-flows":0,"total-l4-payload-len":5686857,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":61,"total-updates":10,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":559,"global_ts_usec":1484319120726362}
+00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1484319037897807,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1484319037897807,"pkt":"AQBef\/\/65JjWH70UCABFAACWcF0AAAERl1DAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
+01978{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":147,"avg":501615.3,"max":7507819,"stddev":1826252.6,"var":3335198867456.0,"ent":1.4,"data": [49499,50871,4368,54319,2439,996,53513,42973,42827,12725,273,205,57417,5098,49336,4198,388,49955,75766,32147,2030,911,5107,4712,147,7402221,150,7507819,929,35745,990]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":520.7,"var":271128.8,"ent":3.8,"data": [64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474]},"bins": {"c_to_s": [10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1],"entropies": [4.566831589,5.335815907,5.094483852,6.025682926,5.169486523,7.256491661,7.325493813,5.092563152,7.129077435,5.092563152,6.393805504,5.100806713,6.014647961,5.169486523,5.965332508,5.169486523,7.872792244,7.651345730,5.207947731,5.207948208,6.796521664,6.094137192,5.926040173,5.169486523,5.207948208,5.169486046,7.868273258,7.747731686,5.169486046,5.169486523,7.861037254,7.536938190]}}
+01738{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319042786338,"flow_dst_last_pkt_time":1484319042922798,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":5220,"midstream":0,"thread_ts_usec":1484319042922798,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319042988806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1484319042988806,"pkt":"gCqoTGHM5JjWH70UCABFAABGkh4AAP8Rpi\/AqAEHwKgBAecsADUAMtLh8roBAAABAAAAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQAB"}
+01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319042988806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319042988806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"artwork.akam.nflximg.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319043002781,"flow_idle_time":200000000,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1484319043002781,"pkt":"5JjWH70UgCqoTGHMCABFAACG4UVAAEAR1cjAqAEBwKgBBwA15ywAct6B8rqBgAABAAMAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQABwAwABQABAAAAUwAUBWExOTA3BGRzY2cGYWthbWFpwCHANgABAAEAAAAHAAS4GcwZwDYAAQABAAAABwAEuBnMCg=="}
+01066{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":414,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319043002781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1484319043002781,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"artwork.akam.nflximg.net","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.25"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319043012652,"flow_dst_last_pkt_time":1484319043012652,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043012652,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1484319043012652,"flow_dst_last_pkt_time":1484319043012652,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319043012652,"pkt":"gCqoTGHM5JjWH70UCABFAABA10xAAEAGHYnAqAEHuBnMGc+cAFC2IFmCAAAAALAC\/\/8TjwAAAgQFtAEDAwUBAQgKH2TelwAAAAAEAgAA"}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043013015,"flow_dst_last_pkt_time":1484319043013015,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043013015,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1484319043013015,"flow_dst_last_pkt_time":1484319043013015,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319043013015,"pkt":"gCqoTGHM5JjWH70UCABFAABAkrpAAEAGYhvAqAEHuBnMGc+dAFDU44WRAAAAALAC\/\/\/IugAAAgQFtAEDAwUBAQgKH2TemAAAAAAEAgAA"}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1484319043012652,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319043035100,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz5xwDCo3tiBZg6AScSDeBAAAAgQFtAQCCAr\/\/DsdH2TelwEDAwU="}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1484319043013015,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319043035720,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz53Qk2dE1OOFkqAScSD1lgAAAgQFtAQCCAr\/\/DsiH2TemAEDAwU="}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043041595,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043041595,"pkt":"gCqoTGHM5JjWH70UCABFAAA0zhNAAEAGJs7AqAEHuBnMGc+cAFC2IFmDcAwqOIAQEBVtuwAAAQEICh9k3rb\/\/Dsd"}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043042140,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043042140,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UPZAAEAGo+vAqAEHuBnMGc+dAFDU44WS0JNnRYAQEBWFTgAAAQEICh9k3rb\/\/Dsi"}
+00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":3285032704,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1484319043068353,"pkt":"gCqoTGHM5JjWH70UCABFAAEq43RAAEAGEHfAqAEHuBnMGc+cAFC2IFmDcAwqOIAYEBUNzAAAAQEICh9k3rv\/\/DsdR0VUIC9hZjdhNS8zNjI2NDM0MjRlNzc1ZDAzOTNkZGI0NmUxNDVjMjM3NTM2N2FmN2E1LndlYnAgSFRUUC8xLjENCkhvc3Q6IGFydC0yLm5mbHhpbWcubmV0DQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUztxPTENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogQXJnby85LjEuMCAoaVBob25lOyBpT1MgMTAuMjsgU2NhbGUvMi4wMCkNCg0K"}
+01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043035100,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043068353,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
+00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":3285032704,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319043078953,"pkt":"gCqoTGHM5JjWH70UCABFAAEp\/qdAAEAG9UTAqAEHuBnMGc+dAFDU44WS0JNnRYAYEBWe1gAAAQEICh9k3rz\/\/DsiR0VUIC81NzU4Yy9iYjYzNmU0NGI4N2VmODU0YzMzMWVkN2I3YjZlMTU3ZTQ5NDU3NThjLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTIubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
+01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043035720,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043078953,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043068353,"flow_dst_last_pkt_time":1484319043092808,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043092808,"pkt":"5JjWH70UgCqoTGHMCABFIAA0EWZAADwG51u4GcwZwKgBBwBQz5xwDCo4tiBaeYAQA6t46QAAAQEICv\/8O14fZN67"}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043078953,"flow_dst_last_pkt_time":1484319043106058,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043106058,"pkt":"5JjWH70UgCqoTGHMCABFIAA0XCxAADwGnJW4GcwZwKgBBwBQz53Qk2dF1OOGh4AQA6uQdgAAAQEICv\/8O2kfZN68"}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319043665565,"flow_dst_last_pkt_time":1484319043665565,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043665565,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1484319043665565,"flow_dst_last_pkt_time":1484319043665565,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319043665565,"pkt":"gCqoTGHM5JjWH70UCABFAABAaV9AAEAGi3bAqAEHuBnMGc+eAFByPGEHAAAAALAC\/\/9NegAAAgQFtAEDAwUBAQgKH2ThCQAAAAAEAgAA"}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1484319043665565,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319043688511,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz57u7DQucjxhCKAScSCMigAAAgQFtAQCCAr\/\/D2rH2ThCQEDAwU="}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1484319043689999,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043689999,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VAZAAEAGoNvAqAEHuBnMGc+eAFByPGEI7uw0L4AQEBUcSAAAAQEICh9k4SH\/\/D2r"}
+00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":3285032704,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319043691581,"pkt":"gCqoTGHM5JjWH70UCABFAAEpIqVAAEAG0UfAqAEHuBnMGc+eAFByPGEI7uw0L4AYEBW0VgAAAQEICh9k4SL\/\/D2rR0VUIC84N2IzMy9iZWQxMjIzYTAwNDBmZGM5N2JhYzRlOTA2MzMyZTQ2MmM2ZTg3YjMzLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTIubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
+01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043688511,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319043691581,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-2.nflximg.net","http": {"url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1484319043691581,"flow_dst_last_pkt_time":1484319043731268,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319043731268,"pkt":"5JjWH70UgCqoTGHMCABFIAA0CfxAADwG7sW4GcwZwKgBBwBQz57u7DQvcjxh\/YAQA6snlAAAAQEICv\/8PdMfZOEi"}
+02218{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":499,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319044532732,"flow_dst_last_pkt_time":1484319044504314,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":33304,"midstream":0,"thread_ts_usec":1484319044532732,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6882,"avg":97129.5,"max":1300093,"stddev":229777.6,"var":52797755392.0,"ent":3.4,"data": [22705,29125,36813,70338,13255,32378,25989,101810,6882,28009,25233,44994,56409,27146,27165,53793,54320,26078,52109,80662,53766,398536,54325,39942,109640,40469,26128,51507,108074,13323,1300093]},"pktlen": {"min":52,"avg":1101.9,"max":1500,"stddev":637.7,"var":406609.6,"ent":4.6,"data": [64,60,52,297,52,1500,1500,1500,52,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,80]},"bins": {"c_to_s": [6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0],"entropies": [4.538909912,5.312702179,5.079966545,5.942044735,5.308815479,7.330718994,7.743900776,7.712044239,5.233813286,5.000318527,7.842275620,7.821234226,5.156889915,7.816409111,7.847937107,7.841120243,7.664994240,7.793088913,7.822535038,7.766201496,7.754564285,7.803048134,7.810695171,7.784301758,7.848053455,7.850491524,7.814136028,7.845249176,7.833446503,7.828612804,7.832110882,5.393421650]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1484319044993872,"pkt":"gCqoTGHM5JjWH70UCABFAAAoz5tAAEAGHmfAqAEHNBhXBs7BAbvkIOdlTYzTZlAUEACWDAAAAAAAAAAA"}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048757894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048757894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048757894,"flow_idle_time":200000000,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1484319048757894,"pkt":"gCqoTGHM5JjWH70UCABFAABBS2MAAP8R7O\/AqAEHwKgBAeL2ADUALZ5c\/mQBAAABAAAAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAQ=="}
+01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048757894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048757894,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"appboot.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048776187,"flow_idle_time":200000000,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1484319048776187,"pkt":"5JjWH70UgCqoTGHMCABFAACy4UZAAEAR1ZvAqAEBwKgBBwA14vYAnkKZ\/mSBgAABAAUAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAcAMAAUAAQAAAG0ADgdhcHBib290A2dlb8AUwDEABQABAAABawAbB2FwcGJvb3QJdXMtd2VzdC0yBnByb2RhYcAUwEsAAQABAAAACwAENsm\/hMBLAAEAAQAAAAsABDQr9VrASwABAAEAAAALAAQ0GfQx"}
+01062{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":601,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048776187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":150,"midstream":0,"thread_ts_usec":1484319048776187,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"appboot.netflix.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.201.191.132"}}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319048780859,"flow_dst_last_pkt_time":1484319048780859,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048780859,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1484319048780859,"flow_dst_last_pkt_time":1484319048780859,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319048780859,"pkt":"gCqoTGHM5JjWH70UCABFAABAtrNAAEAGzAfAqAEHNsm\/hM+fAFA6e8d6AAAAALAC\/\/+ZMQAAAgQFtAEDAwUBAQgKH2T0hAAAAAAEAgAA"}
+00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1484319048780859,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319048824981,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGmJ82yb+EwKgBBwBQz59tgW\/FOnvHe6ASRep1DwAAAgQFtAQCCApXXrqDH2T0hAEDAwg="}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1484319048826457,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319048826457,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VQxAAEAGLbvAqAEHNsm\/hM+fAFA6e8d7bYFvxoAQEBXZhAAAAQEICh9k9LFXXrqD"}
+00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1484319048830359,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_usec":1484319048830359,"pkt":"gCqoTGHM5JjWH70UCABFAAFtxNtAAEAGvLLAqAEHNsm\/hM+fAFA6e8d7bYFvxoAYEBUtNAAAAQEICh9k9LRXXrqDUE9TVCAvYXBwYm9vdC9ORkFQUEwtMDItIEhUVFAvMS4xDQpIb3N0OiBhcHBib290Lm5ldGZsaXguY29tDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogQXJnby85MDAgQ0ZOZXR3b3JrLzgwOC4yLjE2IERhcndpbi8xNi4zLjANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogKi8qDQpYLU5ldGZsaXguQVBJQWN0aW9uOiBhcHBib290DQpDb250ZW50LUxlbmd0aDogMjI5OQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQoNCg=="}
+01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319048830359,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":313,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":313,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319048830359,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"appboot.netflix.com","http": {"url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}}
+02444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1484319048841019,"flow_dst_last_pkt_time":1484319048824981,"flow_idle_time":3285032704,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1484319048841019,"pkt":"gCqoTGHM5JjWH70UCABFAAXc5GhAAEAGmLbAqAEHNsm\/hM+fAFA6e8i0bYFvxoAQEBWdRQAAAQEICh9k9LVXXrqDeyJlbnRpdHlhdXRoZGF0YSI6eyJhdXRoZGF0YSI6eyJpZGVudGl0eSI6Ik5GQVBQTC0wMi1JUEhPTkU2PTEtODc1OUZDM0NFMDgzNjA2M0MyMTA3RDZBMDM1QUY3M0QyMzU2NzlBQ0Q2OUNBOTg4N0JGNjQ1NzBFQTJERkQ5OCJ9LCJzY2hlbWUiOiJNR0sifSwiaGVhZGVyZGF0YSI6ImV5SmphWEJvWlhKMFpYaDBJam9pVUVkVlp6Rk1OazE0TldkVlpXeDRhM2QxU2tkRFpUSmxObFY2Y0N0NUswWjNkVU41WVVKbVJHTnllblZZTVdkTldXcENTVEJ2U2xWVFRUVXZOamM0UldGcWJXVTRUelY0U21oQ01ubE9PWGcwTTJaTlQwNVJSRUkxYzAwME9IUlBRbU5KU2xab1dFWktORFl4TlZsclNsZGtlRVZaVFhSblNVcGtVVm9yWmtaMWQxcHpjek5JTTFJeFREYzRjWGcxU2s5d09IZFVORGRZWjFJMFIyb3lWVVJGZUZObVozRk9TalkwVHpKSE9IRktSVFJaYldGUmFGVnZkbTB4VGxremEyTnVPU3QyVnpGT0t6QjZVR1p1V2pCR1kwdEpSbkZSYjBKVmJDdGlWSFJaTms5dE55dDBRV3cxYUd0SE4xaFNVak5oUldsYVltSm5kMmMyUlhVd1JteHBSSHB2U0U5WFlYVmlkRGdyUmtnMlYyb3phWHBDYVc5bVYwRmhTREI0VkRJNGRuSkJXbW8zTlRsM1dHZHhWamhVVDFndmNFRXZObWtyZEZoSWQwOVpPVlZHUW14UVkxVlRaSFZXU3l0VWQzSTNVMGRqVVRkT1owZE1lRVp5YjFoQ1dHbzRibEl6ZVRGbFYzZHhVMlJVTm0xWllWUkJSbEZRVG1GaGVETmpiM0pSVGxoUFl6ZEtNbVV6VTJwdGVrbElhRlJ6YTBacldsSlNZa1p6ZWxCSFRFNWhMMVZZYnpGWWRtdGxjRnBhWTBzNFEyNHpaVzVCYlVGdk5EWjRMM1ZDYWxoUU5qZFFlR3RpVWtjMmJVOVJSMDlIVVdsSlZqSlRWbHBWTDFkS1NEUk1TbXRyZG1Wd2QwUXZhRmc0ZURKaFVFeDBRVkZPVDFBMVFtNUdiR2d4WmpOWVlVbG1OWG95U0VkRFFUTjVOMDVoYUVaNVZFWjZkV3RhU2tSYVZHc3pSME5KV21wamJrVkNkekJXZUZsbFVETjJhVWh3UzBwT1JTdHhiMWhFVFROb2VFMXdNalIwV25kRk0xbHdSSE42WTA5bWRIWlNOMnMxVTFoalVFZFFjV3ROY1c5YVIyVkNkM2hrVkRCWlNXVnlhR0ZFVEhsRFltRnROa3htTkhKTWVrbFdVbFZhU3pWYVpHWjFSbWMwY1d4dE9VRTlQU0lzSW1sMklqb2laWEZvVFZaak5VaFFiV1ZSZFZSUFYxZHJZemwxZHowOUlpd2lhMlY1YVdRaU9pSk9Sa0ZRVUV3dE1ESXRTVkJJVDA1Rk5qMHhMVGczTlRsR1F6TkRSVEE0TXpZd05qTkRNakV3TjBRMlFUQXpOVUZHTnpORU1qTTFOamM1UVVORU5qbERRVGs0T0RkQ1JqWTBOVGN3UlVFeVJFWkVPVGdpTENKemFHRXlOVFlpT2lKQlFUMDlJbjA9Iiwic2lnbmF0dXJlIjoieWZ5ZkVRQjVpTjVkeCttb1YyU0FhWnliK1NLMDdPVDVjazhPNE9VdjlZWT0ifXsicGF5bG9hZCI6ImV5SmphWEJvWlhKMFpYaDBJam9pUWpSS056SjFXRzQ1VUhRNVJqUmtRbk5ETUhsWVdWVlVRV3hYUVZwb1ptOURURWRETmpWMmJEaFNhbXhhTVZOUGMycDVhVGwwTmxaNVJsVXlNVUZOTWxOVGRVMVlWVXQ="}
+02196{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":644,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319049236027,"flow_dst_last_pkt_time":1484319049229808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":21687,"midstream":0,"thread_ts_usec":1484319049236027,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":193,"avg":29165.1,"max":187154,"stddev":42322.7,"var":1791214592.0,"ent":4.0,"data": [44122,45598,3902,10660,193,60003,5736,990,135055,302,187154,5655,5706,13881,14022,13277,14383,27821,13324,13128,9212,13280,22521,13399,39251,13309,13303,13855,13324,13288,124463]},"pktlen": {"min":52,"avg":812.3,"max":1500,"stddev":674.9,"var":455511.9,"ent":4.4,"data": [64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0]},"directions": [0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0],"entropies": [4.538909912,5.279368401,5.156889915,5.705281258,5.964499474,6.056532860,5.272274971,5.272274494,5.310736179,6.005652428,5.696421623,5.094483852,6.091891766,5.233812809,5.866946220,5.038780212,5.796521664,5.782927513,5.195351601,5.831374168,5.233812809,5.802160263,5.817751884,5.195351124,5.813166142,5.771504402,5.781269550,5.780963898,5.817500591,5.785477638,5.779314995,5.163660049]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049465573,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049465573,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049465573,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319049465573,"pkt":"gCqoTGHM5JjWH70UCABFAABAjtZAAEAGjk7AqAEHNFkni8+gAFCVL\/AiAAAAALAC\/\/+toQAAAgQFtAEDAwUBAQgKH2T3IAAAAAAEAgAA"}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049465573,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049510947,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwBQz6CC\/YxQlS\/wI6ASRerkyQAAAgQFtAQCCAqtiNcHH2T3IAEDAwg="}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049516159,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049516159,"pkt":"gCqoTGHM5JjWH70UCABFAAA0TN5AAEAG0FLAqAEHNFkni8+gAFCVL\/Ajgv2MUYAQEBVJOgAAAQEICh9k91KtiNcH"}
+01377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049518619,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":3285032704,"pkt_caplen":715,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":715,"pkt_l4_len":681,"thread_ts_usec":1484319049518619,"pkt":"gCqoTGHM5JjWH70UCABFAAK9sclAAEAGaN7AqAEHNFkni8+gAFCVL\/Ajgv2MUYAYEBXtIwAAAQEICh9k91StiNcHUE9TVCAvbXNsL25yZGpzLzIuMS4yIEhUVFAvMS4xDQpIb3N0OiBhcGktZ2xvYmFsLm5ldGZsaXguY29tDQpYLUdpYmJvbi1DYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXB0OiAqLyoNClgtTmV0ZmxpeC5yZXF1ZXN0LmV4cGlyeS50aW1lb3V0OiAxNTAwMA0KWC1BbGxvd0NvbXByZXNzaW9uOiBmYWxzZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KWC1OZXRmbGl4LnJlcXVlc3QuYXR0ZW1wdDogMQ0KQ29udGVudC1MZW5ndGg6IDg0MTYNClgtQ2xpZW50LVJlcXVlc3QtSWQ6IDE4NDQ2MzU2MTMzMDg2MjYxNjEyDQpVc2VyLUFnZW50OiBBcmdvLzkwMCBDRk5ldHdvcmsvODA4LjIuMTYgRGFyd2luLzE2LjMuMA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ29va2llOiBtZW1jbGlkPTcwMWFkMzEyLTQ4MDEtNDdlNy1hYzAwLWNiMzdhZTJmNGFmZjsgbmZ2ZGlkPUJRRm1BQUVCRUpYJTJGOEFodHlLbFRicmt0TUhUSWRITkFYbUJNMFpuUEY2NDJwZW5HVEhPaXQzeDlyVTBwTG0wS0s3ZDhtb0J5ZDFROW9Fc2FRT1UwNXkxJTJGT1RRWWRPODZVVDFZVlVOTGpxVUR1WEU2V3MzVTdRJTNEJTNEDQoNCg=="}
+01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049518619,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":649,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049518619,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","http": {"url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}}
+02445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049529760,"flow_dst_last_pkt_time":1484319049510947,"flow_idle_time":3285032704,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1484319049529760,"pkt":"gCqoTGHM5JjWH70UCABFAAXcGHxAAEAG\/wzAqAEHNFkni8+gAFCVL\/Ksgv2MUYAQEBU48AAAAQEICh9k91StiNcHeyJoZWFkZXJkYXRhIjoiZXlKamFYQm9aWEowWlhoMElqb2labkJwTWprNE1IVlpRbThyZDNkSlNYQnNjMWhMS3paQ1ZFaERhM2RrYTFOU09XbFVUbWx3TVVZMU9XVlRiV3BUYVd4VVRta3ZORlJQYnpSeFFsUk1ZVmh4VlZkUmFFNUtjQ3RaUzA5VVkyVlJVVkJVYVZWbmFVOVRaM1F5YmpjeWNFOVdhRlZhVW5GMWJuVm9TMmRZVHpaSWRqVkJWamR0ZVRZcmFWUnROVUZvU2t4TFZsTmtWMDFYVkd3eGRTOUJjbTR4ZUdSTFZtaHBjSGsxT0hSeVdrRnZlaXRDY3pKSVR6ZFJWVEJvZW0xWk9ERnRjR1JNZUcxYWFUSjZWSGhNYzNWd0wxWlVTRWhNT0hNNGIwNDJjVkpwWW5sWGNuVk9kRkV4Y21adVNsTndlbkp1UzJSck1VdHBLMWxVYmxOMFNqWTVkMEk1VUhBd2RpdHVObmhKZW5wRlMwTlRaRkpHVVdwNE56ZFZVbGRWYTI1VVZGUTBjWFpEY25BMlUwNXFOMGhaTjB0YWVpOTFUV3BKT1ZscU4xSlJZMWx3T0hKMU0xUTRjMDFEY2pCU2EzRm1SVVV2VHpCVU5VWlRPRFpyUTJkcVJXZFNSVlJFV1d0UmMzZE1jSGxCYW5ZdlYxZEtNazl3U0U5eE9HRk5iM3BMZERRd1Rqa3JaMnhyTnpSTU1UbGtkbUpQTXpOdlRFWnNNRUpEU1hadU5ISnhhaXRST1VGb1VtWndaMFZqWldoRFZWTllPV3RVZUZsMlduRmhTMHBzUkdVNFFUSjFUV0UwYjNaNlkwMWxhMEozWlRkc1JIazFNa042ZDBGR1NtWlhlbVl6YWxWUlZVMXllalZFUjJkWWVXRlJhVlp5UjFOaGREVnRSek4xUmtVMksyeHhaVEEwT1ZSUFVqaEZLMGRRV1d4eFptcGFiRTl5Vm0xQk1sTldlVWhLZGpkMVYwVkVNV1lyTTFWa00wNVBXamQzTVZWV2NYTTNaaTlpUTNnNWRuRjVVbGhWV0M4cmMwRjJNMUp1TkRNM2IzZHdlV0phY2pWSFFWZFRNRWhTYUhGemNtSXpURGxSY0VjNFIyNXFSamxOWTBwT1owMU9aVEZvSzNSb1JtcElaRzVZT0hsb1VrNXlVVmhDUWxoRFZXUk1aVnByU1dkR01qUkJia3RDUlc1RWFtazVWRTF6YTBwalpuUldWMWhOYUVWVlprdFZNV0o1ZGk5RFdXTlhVWFpEWVdSNFUzQlJOR1JQY2tkV1NVMUhWME4xWm5SalVrOTJWV1pPZFZRM01taG1SMFZ3UldaVVJrc3JaV3d5VkRoTFVFcHliMWRNYlVoeVVrdE5SM0ZYZGxSV1REaHdabGhrZG1OcGFVSldRMmhOZDNGTWEzRm5PV1UyVjNsWVZWRXJibWs1T1hGc2NHWkZkbWMyYXl0MUsyeDZjRXcxWVVOcFUwZHlaMHgwV0VkNlNXVk9OMWt2V1Vwc01VeFJhMWhYYW5oTlkzRXZNMFkyUlV0eE9GTnFkakJ6UzJkMWVuaG1URkJpWVVkd1FuSmFXV1pKZFZGWmR6RXlVMlJVU1dsNFZHSmtjbEZaWVVsRk9HMVlXRE5rTXk5UFNVcEZSM2xxZVRaeE9FVkdXWHBIS3pkM2NVODVZa1F5YkdkSlNEQnVXV3hEYm01MmIyWnZlamsxYzNBek9WUnRXbnAwZGpsMFRFbzNPVWRTTjNCeWJYTlpZemhRVGpseWJHNTZPRWgzVGpKMGRUZzNhVmhsZDFWbU1qQjBkRVJVU1ZWNFF6WnVTMWRIVEZBcmVrSmxPRUoxVjFVMU1VTjNjbE5DYjBseFp6RnRPVU12WVhkaVZXRmhUVlE1ZGtseFltRlpjR1V3Um5sRlE="}
+01164{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":683,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":2,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319049580164,"flow_dst_last_pkt_time":1484319049578403,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4993,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049580164,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","http": {"url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0","request_content_type":"application\/x-www-form-urlencoded"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049641053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049641053,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049641053,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319049641053,"pkt":"gCqoTGHM5JjWH70UCABFAABCJHQAAP8RE97AqAEHwKgBAcoQADUALkrZBBoBAAABAAAAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAE="}
+01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049641053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049641053,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a803.dscg.akamai.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049645637,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319049645637,"pkt":"gCqoTGHM5JjWH70UCABFAABCunsAAEARPNfAqAEHwKgBAcx7ADUALmwlX+cBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="}
+01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":692,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049645637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049645637,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+02209{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":694,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319049640319,"flow_dst_last_pkt_time":1484319049653906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":23168,"midstream":0,"thread_ts_usec":1484319049653906,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":590,"avg":428029.7,"max":6030936,"stddev":1231580.9,"var":1516791529472.0,"ent":2.3,"data": [22448,28943,26758,57708,590,13165,40076,31828,42757,26526,25526,50240,53221,30909,25521,54871,53768,27167,52693,79537,53772,544724,1519985,11557,27351,27280,28765,635381,3643850,6030936,1068]},"pktlen": {"min":52,"avg":795.6,"max":1500,"stddev":706.6,"var":499284.2,"ent":4.3,"data": [64,60,52,298,52,1500,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,80,80,80,72,64,52,52,297,1500,1500]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1],"entropies": [4.570159912,5.187539101,5.118428230,5.866323471,5.308815956,7.539054394,7.823310852,5.094483852,7.811959267,5.038779736,7.799767494,7.796337128,5.156889439,7.762200832,7.778352737,7.834424973,7.823929787,7.799146652,7.830269337,7.869925976,7.880800724,7.877037048,5.357215405,5.224027157,5.307214737,5.376956940,5.259624004,5.233813286,5.195351601,5.825244904,7.190491676,7.824782848]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1484319049665892,"pkt":"5JjWH70UgCqoTGHMCABFAABi4UdAAEAR1erAqAEBwKgBBwA1yhAATkFkBBqBgAABAAIAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAHADAABAAEAAAAMAAS4GcwYwAwAAQABAAAADAAEuBnMKA=="}
+01055{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":696,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319049665892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a803.dscg.akamai.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.24"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049672494,"flow_dst_last_pkt_time":1484319049672494,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049672494,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049672494,"flow_dst_last_pkt_time":1484319049672494,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319049672494,"pkt":"gCqoTGHM5JjWH70UCABFAABAS8NAAEAGqRPAqAEHuBnMGM+hAFBgKjK0AAAAALAC\/\/92\/gAAAgQFtAEDAwUBAQgKH2T36AAAAAAEAgAA"}
+00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049681348,"flow_idle_time":200000000,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_usec":1484319049681348,"pkt":"5JjWH70UgCqoTGHMCABFAAFl4UhAAEAR1ObAqAEBwKgBBwA1zHsBUaLnX+eBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAHADAAFAAEAAABiAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAFYABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANChyo8BNABwAAQAAABcAECYgAQhwDwAAAAAAADQoMS\/ATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KQT4wE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCk7ncBNABwAAQAAABcAECYgAQhwDwAAAAAAADQnRIjATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KBwAwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCh7ccBNABwAAQAAABcAECYgAQhwDwAAAAAAADQoNhw="}
+01061{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":701,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049681348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1484319049681348,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","dns": {"num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049684933,"flow_dst_last_pkt_time":1484319049684933,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049684933,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1484319049684933,"flow_dst_last_pkt_time":1484319049684933,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319049684933,"pkt":"gCqoTGHM5JjWH70UCABFAABAHF1AAEAGFLrAqAEHNr8RM8+qAbupwyRaAAAAALAC\/\/92fwAAAgQFtAEDAwUBAQgKH2T39AAAAAAEAgAA"}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049672494,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049697401,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lq4GcwYwKgBBwBQz6GV0BcIYCoytaAScSDlwwAAAgQFtAQCCAr\/\/IQ4H2T36AEDAwU="}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049700208,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049700208,"pkt":"gCqoTGHM5JjWH70UCABFAAA0bmdAAEAGhnvAqAEHuBnMGM+hAFBgKjK1ldAXCYAQEBV1gAAAAQEICh9k+AH\/\/IQ4"}
+00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":3285032704,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1484319049703194,"pkt":"gCqoTGHM5JjWH70UCABFAAEMARZAAEAG8vTAqAEHuBnMGM+hAFBgKjK1ldAXCYAYEBWbUgAAAQEICh9k+AP\/\/IQ4R0VUIC90cGEzLzYxNi8yMDQxNzc5NjE2LmJpZiBIVFRQLzEuMQ0KSG9zdDogdHAuYWthbS5uZmx4aW1nLmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogQXJnby85MDAgQ0ZOZXR3b3JrLzgwOC4yLjE2IERhcndpbi8xNi4zLjANCg0K"}
+01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049697401,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049703194,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049725869,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049725869,"pkt":"5JjWH70UgCqoTGHMCABFIAA0k1dAADwGZWu4GcwYwKgBBwBQz6GV0BcJYCozjYAQA6uA6gAAAQEICv\/8hF4fZPgD"}
+00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1484319049684933,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319049740377,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z6pwpjzKqcMkW6ASOJCp2gAAAgQFtAQCCAqtikoKH2T39AEDAwg="}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1484319049743556,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049743556,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ddRAAEAGu07AqAEHNr8RM8+qAbupwyRbcKY8y4AQEBUA7QAAAQEICh9k+CqtikoK"}
+01204{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319049748048,"pkt":"gCqoTGHM5JjWH70UCABFAAI5KeBAAEAGBT7AqAEHNr8RM8+qAbupwyRbcKY8y4AYEBVJ9gAAAQEICh9k+C6tikoKFgMBAgABAAH8AwPYXvBe7OTKRo\/HluRIJZi3JSt\/Gg\/Ui4yLFjBV5BYvDAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049740377,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319049748048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01247{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":718,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049703194,"flow_dst_last_pkt_time":1484319049753726,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049753726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"tp.akam.nflximg.com","http": {"url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807153,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319049807153,"pkt":"5JjWH70UgCqoTGHMCABFIAA0dtFAACoG0DE2vxEzwKgBBwG7z6pwpjzLqcMmYIAQAD0OrAAAAQEICq2KShofZPgu"}
+01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":725,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049807663,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319049807663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
+01615{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":728,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319049748048,"flow_dst_last_pkt_time":1484319049850914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319049850914,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050652467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319050652467,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050652467,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319050652467,"pkt":"gCqoTGHM5JjWH70UCABFAABA2xBAAEAGenHAqAEHF\/YLkc+rAFC8XkCtAAAAALAC\/\/9pzAAAAgQFtAEDAwUBAQgKH2T7jgAAAAAEAgAA"}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1484319050652467,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319050677236,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmYX9guRwKgBBwBQz6susPTdvF5ArqAS\/\/\/2WQAAAgQFtAEDAwkEAggKRVwbeB9k+44="}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1484319050678757,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319050678757,"pkt":"gCqoTGHM5JjWH70UCABFAAA0kSxAAEAGxGHAqAEHF\/YLkc+rAFC8XkCuLrD03oAQEBUU+gAAAQEICh9k+6dFXBt4"}
+00987{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":3285032704,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_usec":1484319050682551,"pkt":"gCqoTGHM5JjWH70UCABFAAGY\/5JAAEAGVJfAqAEHF\/YLkc+rAFC8XkCuLrD03oAYEBUr\/wAAAQEICh9k+6pFXBt4R0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD01eGZZVnRuYTNHZFlYTDcxdU5zNkRaLVg4NFkmcmFuZG9tPTM5MzA3MDgyMjQgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMS4xNDUNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
+01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319050682551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.145","http": {"url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+01196{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050719721,"flow_idle_time":3285032704,"pkt_caplen":581,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":581,"pkt_l4_len":547,"thread_ts_usec":1484319050719721,"pkt":"5JjWH70UgCqoTGHMCABFIAI3AABAADsGWGsX9guRwKgBBwBQz6susPTevF5CEoAQCAIpPgAAAQEICkVcG6AfZPuqSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjUwIEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwOSBNYXIgMjAxNiAxMjoxNDoxNSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMjIxNjM3NTg4O2gxPTM4MzU3MzQ4NDM7aDI9OTA1OTYwMTAyO2gzPTE4OTE3NzkxNTQ7aDQ9MTIzNDk0MDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE2MzthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
+02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":809,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319051912595,"flow_dst_last_pkt_time":1484319051940613,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":28027,"midstream":0,"thread_ts_usec":1484319051940613,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3794,"avg":82202.4,"max":651024,"stddev":153564.6,"var":23582076928.0,"ent":3.6,"data": [24769,26290,3794,42485,4828,43771,27157,40474,69366,43854,44827,78254,38808,79815,102619,28781,14718,354324,85041,14066,12423,12747,651024,22850,582496,8619,27490,16417,16392,14698,15077]},"pktlen": {"min":52,"avg":940.8,"max":1500,"stddev":683.5,"var":467159.1,"ent":4.5,"data": [64,60,52,408,567,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,80,1500,1500,1500,1500,64,52,1500,1500,52,1500,52,1500,1500]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1],"entropies": [4.550704956,5.312702179,5.103910923,6.388577938,5.862974167,3.576230049,5.195351124,2.528419971,2.540967226,5.077241421,2.547356844,5.115703106,2.543488026,2.552008152,2.558917999,3.816826105,3.805565357,3.816280365,5.256690979,3.890866995,3.462315798,3.461706400,3.458227158,5.071470261,5.154164314,3.470844507,3.517976761,5.154164314,3.546975851,4.955154419,3.560742617,3.579237461]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052216458,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319052216458,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052216458,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319052216458,"pkt":"gCqoTGHM5JjWH70UCABFAABAN3hAAEAGHxDAqAEHF\/YKi8+sAFBgdy0VAAAAALAC\/\/\/UZQAAAgQFtAEDAwUBAQgKH2UBeQAAAAAEAgAA"}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319052235250,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGW2wX9gqLwKgBBwBQz6xlmlqWYHctFqAS\/\/8JBgAAAgQFtAEDAwkEAggKQI7bkB9lAXk="}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1484319052237833,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319052237833,"pkt":"gCqoTGHM5JjWH70UCABFAAA0JFZAAEAGMj7AqAEHF\/YKi8+sAFBgdy0WZZpal4AQEBUnrAAAAQEICh9lAYxAjtuQ"}
+00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":3285032704,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_usec":1484319052242977,"pkt":"gCqoTGHM5JjWH70UCABFAAGYZXBAAEAG77\/AqAEHF\/YKi8+sAFBgdy0WZZpal4AYEBXLwAAAAQEICh9lAZFAjtuQR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD0tZGpHWEljYkZCTnp5ZnVncUVXY3JndENweVkmcmFuZG9tPTM0MDczNjA3NzYgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMC4xMzkNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
+01391{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":834,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319052242977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.10.139","http": {"url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+01196{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052270991,"flow_idle_time":3285032704,"pkt_caplen":582,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":582,"pkt_l4_len":548,"thread_ts_usec":1484319052270991,"pkt":"5JjWH70UgCqoTGHMCABFIAI4AABAADsGWXAX9gqLwKgBBwBQz6xlmlqXYHcueoAQCAJ9jgAAAQEICkCO27MfZQGRSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjUyIEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwMiBEZWMgMjAxNSAxMTo1NjoxMSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xNjkxOTM1MzA7aDE9MzQ4NzI0MzI0ODtoMj0zNzE0MjA4Mzg0O2gzPTY2MDIzMTMzO2g0PTE4NTY2Mzk4ODk7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxNjQ7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCg0K"}
+02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":870,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319053577715,"flow_dst_last_pkt_time":1484319053589492,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":25132,"midstream":0,"thread_ts_usec":1484319053589492,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1043,"avg":88202.9,"max":638852,"stddev":151898.7,"var":23073200128.0,"ent":3.7,"data": [18792,21375,5144,35741,1043,5439,35508,13242,13983,20324,20435,13235,116191,170244,28107,56564,51631,31663,27571,12760,327583,131379,638852,579987,19881,15021,30035,13582,42286,118688,118005]},"pktlen": {"min":52,"avg":851.9,"max":1500,"stddev":697.4,"var":486427.5,"ent":4.4,"data": [64,60,52,408,568,1500,1500,52,1500,52,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,80,1500,80,1500,72,1500,64,52,1500,52,1500]},"bins": {"c_to_s": [12,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1],"entropies": [4.451259136,5.200120449,5.003043175,6.363925457,5.826877117,3.573564768,2.540809155,5.079966545,2.553215742,4.950064659,2.546205282,4.961856842,2.557531357,4.985801220,2.554388523,2.558952808,3.302551985,3.777240515,3.820478201,3.802512646,3.817392588,5.302858829,3.877096891,5.277858257,3.521096945,5.267232895,3.547756672,5.124750137,4.947339535,3.545200109,4.894361019,3.575657606]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054101585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319054101585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054101585,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319054101585,"pkt":"gCqoTGHM5JjWH70UCABFAABA9bFAAEAGZ9XAqAEHF\/YDjM+zAFBtwXYMAAAAALAC\/\/99\/AAAAgQFtAEDAwUBAQgKH2UImQAAAAAEAgAA"}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319054132376,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz7OFwt93bcF2DaAS\/\/\/aJAAAAgQFtAEDAwkEAggKhKDK7B9lCJk="}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1484319054134077,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319054134077,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mQ1AAEAGxIXAqAEHF\/YDjM+zAFBtwXYNhcLfeIAQEBX4vQAAAQEICh9lCLmEoMrs"}
+00981{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":3285032704,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"thread_ts_usec":1484319054139605,"pkt":"gCqoTGHM5JjWH70UCABFAAGW+VhAAEAGYtjAqAEHF\/YDjM+zAFBtwXYNhcLfeIAYEBWMVgAAAQEICh9lCL6EoMrsR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD0tOHU0dmxjUHVGcWNPTG5MeWI5RER0Sy1iQjQmcmFuZG9tPTM1NzUwOTY1NyBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjMuMTQwDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
+01387{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":900,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319054139605,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.3.140","http": {"url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054176709,"flow_idle_time":3285032704,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":585,"pkt_l4_len":551,"thread_ts_usec":1484319054176709,"pkt":"5JjWH70UgCqoTGHMCABFIAI7AABAADgGY2wX9gOMwKgBBwBQz7OFwt94bcF3b4AQCAIFOAAAAQEICoSgyxgfZQi+SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU0IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwMiBEZWMgMjAxNSAxMzowNDo1NCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xMzQ4NjUzMDQ1O2gxPTI5MjU4ODY1MDk7aDI9MzMxMjc0NzM0OTtoMz0zNTU2NzU4MDYwO2g0PTI0NjkwOTU0ODI7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxNzE7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCg0K"}
+02319{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":929,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054294236,"flow_dst_last_pkt_time":1484319054480080,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":29479,"midstream":0,"thread_ts_usec":1484319054480080,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2187,"avg":18424.1,"max":44333,"stddev":10032.7,"var":100655136.0,"ent":4.7,"data": [30791,32492,5528,44333,2187,41107,2921,12763,15575,14938,14982,12802,12713,26425,12767,11943,13284,17180,31033,13321,13566,25571,14329,13905,26660,13805,13288,27210,13255,13305,27167]},"pktlen": {"min":52,"avg":984.9,"max":1500,"stddev":672.7,"var":452466.1,"ent":4.5,"data": [64,60,52,406,571,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1],"entropies": [4.527114868,5.266787052,5.118428230,6.362258911,5.831311226,3.571949720,5.233812809,2.540643215,2.558721066,5.195351124,2.550262213,5.038779736,2.557194710,2.582848072,5.195351124,2.547422886,5.038780212,2.553757429,2.570932388,5.195351124,2.541049719,5.115703106,3.780845165,3.769821644,3.779848337,3.819229603,3.784283876,3.803048134,3.786687374,3.790169001,3.883657932,3.464622736]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":953,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319056204111,"flow_dst_last_pkt_time":1484319056204111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056204111,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056204111,"flow_dst_last_pkt_time":1484319056204111,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056204111,"pkt":"gCqoTGHM5JjWH70UCABFAABAfy9AAEAG1l7AqAEHF\/YLhc+0AFDwxwoWAAAAALAC\/\/9XEAAAAgQFtAEDAwUBAQgKH2UQewAAAAAEAgAA"}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319056210218,"flow_dst_last_pkt_time":1484319056210218,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056210218,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056210218,"flow_dst_last_pkt_time":1484319056210218,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056210218,"pkt":"gCqoTGHM5JjWH70UCABFAABAc11AAEAG4jDAqAEHF\/YLhc+1AFCjZhjfAAAAALAC\/\/+VoQAAAgQFtAEDAwUBAQgKH2UQgQAAAAAEAgAA"}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319056214323,"flow_dst_last_pkt_time":1484319056214323,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056214323,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056214323,"flow_dst_last_pkt_time":1484319056214323,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056214323,"pkt":"gCqoTGHM5JjWH70UCABFAABAlQtAAEAGwHrAqAEHF\/YLjc+2AFBDrGT6AAAAALAC\/\/+pMwAAAgQFtAEDAwUBAQgKH2UQhQAAAAAEAgAA"}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056204111,"flow_dst_last_pkt_time":1484319056215779,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056215779,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz7RnATKV8McKF6AS\/\/8JWwAAAgQFtAEDAwkEAggKNWmPpR9lEHs="}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056219771,"flow_dst_last_pkt_time":1484319056215779,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056219771,"pkt":"gCqoTGHM5JjWH70UCABFAAA0oIhAAEAGtRHAqAEHF\/YLhc+0AFDwxwoXZwEyloAQEBUoBwAAAQEICh9lEIg1aY+l"}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319056221799,"flow_dst_last_pkt_time":1484319056221799,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056221799,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056221799,"flow_dst_last_pkt_time":1484319056221799,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056221799,"pkt":"gCqoTGHM5JjWH70UCABFAABAtyBAAEAGnmXAqAEHF\/YLjc+3AFC7qylgAAAAALAC\/\/9syQAAAgQFtAEDAwUBAQgKH2UQiQAAAAAEAgAA"}
+00989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":959,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056222173,"flow_dst_last_pkt_time":1484319056215779,"flow_idle_time":3285032704,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1484319056222173,"pkt":"gCqoTGHM5JjWH70UCABFAAGaDOxAAEAGR0jAqAEHF\/YLhc+0AFDwxwoXZwEyloAYEBXItgAAAQEICh9lEIo1aY+lR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMW91VmFKcGVRTEJXakdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwXzdsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PUpmRWVmODBLMDJ5bklqTExvaS1IWkIxdVExMCZyYW5kb209MjQ3MzMzNjUxMyBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjEzMw0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
+01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":959,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319056222173,"flow_dst_last_pkt_time":1484319056215779,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056222173,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":960,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319056232857,"flow_dst_last_pkt_time":1484319056232857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056232857,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":960,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056232857,"flow_dst_last_pkt_time":1484319056232857,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056232857,"pkt":"gCqoTGHM5JjWH70UCABFAABA7BpAAEAGaWvAqAEHF\/YLjc+4AFBql8CVAAAAALAC\/\/8mpAAAAgQFtAEDAwUBAQgKH2UQjAAAAAAEAgAA"}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":961,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319056233255,"flow_dst_last_pkt_time":1484319056233255,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056233255,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":961,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056233255,"flow_dst_last_pkt_time":1484319056233255,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056233255,"pkt":"gCqoTGHM5JjWH70UCABFAABALEhAAEAGKT7AqAEHF\/YLjc+5AFBMFfUEAAAAALAC\/\/8QsgAAAgQFtAEDAwUBAQgKH2UQkAAAAAAEAgAA"}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":962,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319056233602,"flow_dst_last_pkt_time":1484319056233602,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056233602,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":962,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056233602,"flow_dst_last_pkt_time":1484319056233602,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056233602,"pkt":"gCqoTGHM5JjWH70UCABFAABACXBAAEAGTBbAqAEHF\/YLjc+6AFDVkM0AAAAAALAC\/\/+vNgAAAgQFtAEDAwUBAQgKH2UQkwAAAAAEAgAA"}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056210218,"flow_dst_last_pkt_time":1484319056234132,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056234132,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz7VYH\/mqo2YY4KAS\/\/\/lFwAAAgQFtAEDAwkEAggKL5BAHx9lEIE="}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056214323,"flow_dst_last_pkt_time":1484319056234316,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056234316,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7YrOmTYQ6xk+6AS\/\/\/4+gAAAgQFtAEDAwkEAggKJ9gJPh9lEIU="}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319056234960,"flow_dst_last_pkt_time":1484319056234960,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056234960,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056234960,"flow_dst_last_pkt_time":1484319056234960,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056234960,"pkt":"gCqoTGHM5JjWH70UCABFAABATZFAAEAGB\/XAqAEHF\/YLjc+7AFDfu3VVAAAAALAC\/\/\/8sgAAAgQFtAEDAwUBAQgKH2UQlgAAAAAEAgAA"}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056235335,"flow_dst_last_pkt_time":1484319056234132,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056235335,"pkt":"gCqoTGHM5JjWH70UCABFAAA09NVAAEAGYMTAqAEHF\/YLhc+1AFCjZhjgWB\/5q4AQEBUDvAAAAQEICh9lEJYvkEAf"}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056236474,"flow_dst_last_pkt_time":1484319056234316,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056236474,"pkt":"gCqoTGHM5JjWH70UCABFAAA0j6xAAEAGxeXAqAEHF\/YLjc+2AFBDrGT7Kzpk2YAQEBUXoQAAAQEICh9lEJgn2Ak+"}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056221799,"flow_dst_last_pkt_time":1484319056237886,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056237886,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7dWBL6lu6spYaAS\/\/\/t4QAAAgQFtAEDAwkEAggKuIfCpR9lEIk="}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056241221,"flow_dst_last_pkt_time":1484319056237886,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056241221,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Xt9AAEAG9rLAqAEHF\/YLjc+3AFC7qylhVgS+poAQEBUMigAAAQEICh9lEJq4h8Kl"}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":970,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319056241489,"flow_dst_last_pkt_time":1484319056241489,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056241489,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056241489,"flow_dst_last_pkt_time":1484319056241489,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056241489,"pkt":"gCqoTGHM5JjWH70UCABFAABAWzRAAEAG+lHAqAEHF\/YLjc+8AFAt4\/K3AAAAALAC\/\/8xJAAAAgQFtAEDAwUBAQgKH2UQmgAAAAAEAgAA"}
+00989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056241806,"flow_dst_last_pkt_time":1484319056234316,"flow_idle_time":3285032704,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1484319056241806,"pkt":"gCqoTGHM5JjWH70UCABFAAGaBJdAAEAGT5XAqAEHF\/YLjc+2AFBDrGT7Kzpk2YAYEBUtTQAAAQEICh9lEJsn2Ak+R0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKcG1RSVJla0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhydm5sSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PW1RZk9mOTAtUlkyR2QyaWkyMEtKcENjWVFWayZyYW5kb209MTM0NTY0NjIyOSBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
+01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319056241806,"flow_dst_last_pkt_time":1484319056234316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056241806,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056253583,"flow_dst_last_pkt_time":1484319056234132,"flow_idle_time":3285032704,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_usec":1484319056253583,"pkt":"gCqoTGHM5JjWH70UCABFAAGZsodAAEAGoa3AqAEHF\/YLhc+1AFCjZhjgWB\/5q4AYEBXhqgAAAQEICh9lEJsvkEAfR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMW91VmFKWjJiTEJDaEdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwX25nSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PVNpeEtRbUxMSk52U2hqLXBmTUwtMmg0UWFxUSZyYW5kb209NzI3NjY2MTA0IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTMzDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
+01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319056253583,"flow_dst_last_pkt_time":1484319056234132,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056253583,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":973,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319056264215,"flow_dst_last_pkt_time":1484319056264215,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056264215,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056264215,"flow_dst_last_pkt_time":1484319056264215,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056264215,"pkt":"gCqoTGHM5JjWH70UCABFAABAgCRAAEAG1WHAqAEHF\/YLjc+9AFCAerrsAAAAALAC\/\/8WUwAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":974,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319056264541,"flow_dst_last_pkt_time":1484319056264541,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056264541,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056264541,"flow_dst_last_pkt_time":1484319056264541,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056264541,"pkt":"gCqoTGHM5JjWH70UCABFAABA6tRAAEAGarHAqAEHF\/YLjc++AFBtOQm6AAAAALAC\/\/\/axQAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"}
+00985{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056264843,"flow_dst_last_pkt_time":1484319056237886,"flow_idle_time":3285032704,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_usec":1484319056264843,"pkt":"gCqoTGHM5JjWH70UCABFAAGZg0NAAEAG0OnAqAEHF\/YLjc+3AFC7qylhVgS+poAYEBUzwQAAAQEICh9lEJ64h8KlR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSjJUTGh1aUdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwUDdsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PURoMjc4dTJVcEFwT0NHVWo1UnhWOGF6TldYOCZyYW5kb209MzIzNzY1OTUwIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
+01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":975,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319056264843,"flow_dst_last_pkt_time":1484319056237886,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056264843,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056222173,"flow_dst_last_pkt_time":1484319056276003,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056276003,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWHQX9guFwKgBBwBQz7RnATKW8McLfYAQCAIfuQAAAQEICjVpj8IfZRCKSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBBdWcgMjAxNSAwODo0OTozMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xMDQzNTI1NDU2O2gxPTM4NjQ4OTgwMTg7aDI9MjgzOTU3NTcwNDtoMz0yMjk3OTE3MjM0O2g0PTEzMDQzMDA3NDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3MjthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056234960,"flow_dst_last_pkt_time":1484319056276405,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056276405,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7vga1YT37t1VqAS\/\/\/ATQAAAgQFtAEDAwkEAggKs1tjeh9lEJY="}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056232857,"flow_dst_last_pkt_time":1484319056276713,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056276713,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7h\/u26MapfAlqAS\/\/8KPAAAAgQFtAEDAwkEAggKFFAqwB9lEIw="}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056233602,"flow_dst_last_pkt_time":1484319056276849,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056276849,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7qJ1p961ZDNAaAS\/\/87aAAAAgQFtAEDAwkEAggKTYEN7B9lEJM="}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056233255,"flow_dst_last_pkt_time":1484319056276985,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056276985,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7nPaH08TBX1BaAS\/\/\/55gAAAgQFtAEDAwkEAggKNK+mZh9lEJA="}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056278412,"flow_dst_last_pkt_time":1484319056276405,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056278412,"pkt":"gCqoTGHM5JjWH70UCABFAAA0QtJAAEAGEsDAqAEHF\/YLjc+7AFDfu3VW4GtWFIAQEBXe3gAAAQEICh9lEL6zW2N6"}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":984,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056278683,"flow_dst_last_pkt_time":1484319056276713,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056278683,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gLJAAEAG1N\/AqAEHF\/YLjc+4AFBql8CWf7tujYAQEBUowwAAAQEICh9lEL4UUCrA"}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056278896,"flow_dst_last_pkt_time":1484319056276849,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056278896,"pkt":"gCqoTGHM5JjWH70UCABFAAA0s8BAAEAGodHAqAEHF\/YLjc+6AFDVkM0Bidafe4AQEBVZ9gAAAQEICh9lEL5NgQ3s"}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056279100,"flow_dst_last_pkt_time":1484319056276985,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056279100,"pkt":"gCqoTGHM5JjWH70UCABFAAA0AZpAAEAGU\/jAqAEHF\/YLjc+5AFBMFfUFz2h9PYAQEBUYcgAAAQEICh9lEL40r6Zm"}
+00989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056281344,"flow_dst_last_pkt_time":1484319056276405,"flow_idle_time":3285032704,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1484319056281344,"pkt":"gCqoTGHM5JjWH70UCABFAAGaF7lAAEAGPHPAqAEHF\/YLjc+7AFDfu3VW4GtWFIAYEBXHgQAAAQEICh9lEMGzW2N6R0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSmlYTEJ1Z0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwUGZsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PUpxVGcwTmlBTkluNC1hUnduM3VLdFdkb1E3TSZyYW5kb209MTE0ODk3MDExNSBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
+01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319056281344,"flow_dst_last_pkt_time":1484319056276405,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056281344,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+00985{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056292083,"flow_dst_last_pkt_time":1484319056276849,"flow_idle_time":3285032704,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_usec":1484319056292083,"pkt":"gCqoTGHM5JjWH70UCABFAAGZMGVAAEAGI8jAqAEHF\/YLjc+6AFDVkM0Bidafe4AYEBWjdwAAAQEICh9lEMFNgQ3sR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSm1VTFJhakdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwZmJsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PXplenJESkRRdmdPMlRpWUMxZFQzaW1INFFDOCZyYW5kb209MTY5NDY3MzA0IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
+01392{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":989,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319056292083,"flow_dst_last_pkt_time":1484319056276849,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056292083,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+00989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056292112,"flow_dst_last_pkt_time":1484319056276713,"flow_idle_time":3285032704,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1484319056292112,"pkt":"gCqoTGHM5JjWH70UCABFAAGa65tAAEAGaJDAqAEHF\/YLjc+4AFBql8CWf7tujYAYEBXPLgAAAQEICh9lEMQUUCrAR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSnFUSVJxaEdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwX3ZsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PVRuUDU5SkIxd2I1VVRPQ3IwbS1LUVUya0dQbyZyYW5kb209NDEzNDczMTQwMCBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
+01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":990,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319056292112,"flow_dst_last_pkt_time":1484319056276713,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056292112,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056302728,"flow_dst_last_pkt_time":1484319056276985,"flow_idle_time":3285032704,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"thread_ts_usec":1484319056302728,"pkt":"gCqoTGHM5JjWH70UCABFAAGcdGpAAEAG37\/AqAEHF\/YLjc+5AFBMFfUFz2h9PYAYEBXR6AAAAQEICh9lEMQ0r6ZmR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFJcHlUSUJHakdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwX2JpQ0ZyVWpIV3FoNWlwUUN0emY0T1ZXUSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9OFo3OHZMMmk5T3ppaENBM00xTGluTVljTVk0JnJhbmRvbT0yMzg2NDc1ODM2IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
+01395{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319056302728,"flow_dst_last_pkt_time":1484319056276985,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056302728,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":992,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056241489,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056303302,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7wVYmHmLePyuKAS\/\/9RBgAAAgQFtAEDAwkEAggKED1piB9lEJo="}
+01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056241806,"flow_dst_last_pkt_time":1484319056303461,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056303461,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7YrOmTZQ6xmYYAQCAKWwQAAAQEICifYCWMfZRCbSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNSBGZWIgMjAxNiAxMDo0OTozNCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xNDM0ODQ5OTY5O2gxPTE2NzkwMzAyNTk7aDI9ODg3ODQzMjA4O2gzPTQwODQyNzcyNzc7aDQ9MzEyNzQ2MDg0NDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3NDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
+01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056253583,"flow_dst_last_pkt_time":1484319056306671,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056306671,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWHQX9guFwKgBBwBQz7VYH\/mro2YaRYAQCAIXVAAAAQEICi+QQFUfZRCbSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBBdWcgMjAxNSAwODo0OTo0MiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMTUyNDYxMTY7aDE9MTQwNDMyNTczMztoMj0xNTU5ODI2NzA0O2gzPTE3MDc5MDAxNTQ7aDQ9MTEwODczNTEzNzsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3MzthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056313756,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056313756,"pkt":"gCqoTGHM5JjWH70UCABFAAA0DEJAAEAGSVDAqAEHF\/YLjc+8AFAt4\/K4FWJh54AQEBVvgQAAAQEICh9lENgQPWmI"}
+00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056314229,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":3285032704,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"thread_ts_usec":1484319056314229,"pkt":"gCqoTGHM5JjWH70UCABFAAGcJw9AAEAGLRvAqAEHF\/YLjc+8AFAt4\/K4FWJh54AYEBUJcgAAAQEICh9lENoQPWmIR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKNXlUTEJDa0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwXzNtQ0ZyVWpIV3FoNWlwUUN0emY0T1ZXUSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9cjVqdG5uRWNSOGhEQ2tQSW1mRWlXcVdBaktrJnJhbmRvbT0xODQ2MjM0NTI0IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
+01395{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319056314229,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056314229,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056264215,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056326114,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz72N4Tx+gHq67aAS\/\/8YZwAAAgQFtAEDAwkEAggKc9HQqh9lEJ4="}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056264541,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056326288,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz749DprObTkJu6AS\/\/9Z3AAAAgQFtAEDAwkEAggKxO\/1DB9lEJ4="}
+01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056264843,"flow_dst_last_pkt_time":1484319056326471,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056326471,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7dWBL6mu6sqxoAQCAIAPQAAAQEICriHwtgfZRCeSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1OTo1NyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0zNDEyNDEzNzk2O2gxPTM3MjM0NTkzOTc7aDI9MjEyNTU1Njc3MztoMz0yNTE0MzMyMzA5O2g0PTMwNjc0Mzg0NzsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3NTthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056327250,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056327250,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BrtAAEAGTtfAqAEHF\/YLjc+9AFCAerrtjeE8f4AQEBU20gAAAQEICh9lEOxz0dCq"}
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056327623,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056327623,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Fj1AAEAGP1XAqAEHF\/YLjc++AFBtOQm7PQ6az4AQEBV4RwAAAQEICh9lEOzE7\/UM"}
+00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056336202,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":3285032704,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"thread_ts_usec":1484319056336202,"pkt":"gCqoTGHM5JjWH70UCABFAAGbxNdAAEAGj1PAqAEHF\/YLjc+9AFCAerrtjeE8f4AYEBVqrAAAAQEICh9lEO5z0dCqR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFMSjJUSUJlcEdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwUGJpQ0ZyVWpIV3FoNWlwUUN0emY0T1ZXUSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9dFRYdTNjNkZuSnRmaTZ6MElKcDNodzhlRHY4JnJhbmRvbT0xMjk0NTQwNzYgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMS4xNDENCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
+01395{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1007,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319056336202,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056336202,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":3285032704,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1484319056347066,"pkt":"gCqoTGHM5JjWH70UCABFAAGazfdAAEAGhjTAqAEHF\/YLjc++AFBtOQm7PQ6az4AYEBVtUQAAAQEICh9lEPDE7\/UMR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKWjJWS2hxZ0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhvX2ZsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PUxRN0x5WFNuWmFYS0VIQUhhUlJIay1TN2RLRSZyYW5kb209NDIwOTgxMDYzMyBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
+01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1008,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056347066,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
+01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056281344,"flow_dst_last_pkt_time":1484319056358487,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056358487,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7vga1YU37t2vIAQCAIEZwAAAQEICrNbY8AfZRDBSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMTowMTozMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yODYxMDQyNzU7aDE9MjM5MzA0NTg0MTtoMj00MDM0NTM4MzEwO2gzPTE2NTY5NTYxMjI7aDQ9MjQ5OTU3MjMyOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3OTthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
+01203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056292112,"flow_dst_last_pkt_time":1484319056365336,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319056365336,"pkt":"5JjWH70UgCqoTGHMCABFIAI5AABAADsGWG0X9guNwKgBBwBQz7h\/u26NapfB\/IAQCALntAAAAQEIChRQKwcfZRDESFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1ODozOCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yNTI3ODc2NzIzO2gxPTE4NTMxMDM2MDtoMj0yNjI2NDM0MjQ5O2gzPTc4MTUxOTY2NTtoND0zNzg0NDkyNzc5Ow0KWC1TZXNzaW9uLUluZm86IGFkZHI9NzMuMjAzLjEwNy4yMztwb3J0PTUzMTc2O2FyZ3A9Ni5zTmMwRFhTZjhUSEUzZjR5OFZ1TmxrVEhMc0VuUTFDS2NrQzd1c3cydmJBDQoNCg=="}
+01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056292083,"flow_dst_last_pkt_time":1484319056383550,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056383550,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7qJ1p971ZDOZoAQCAJWkwAAAQEICk2BDjMfZRDBSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1ODoyNSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xMjIzMjI1NzE4O2gxPTIwMzYxMjM3NjI7aDI9MzY2MTI5NzM1NztoMz0xNTYzOTQ3OTU4O2g0PTg2NjYyMTEyMzsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3ODthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
+01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056302728,"flow_dst_last_pkt_time":1484319056401774,"flow_idle_time":3285032704,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":585,"pkt_l4_len":551,"thread_ts_usec":1484319056401774,"pkt":"5JjWH70UgCqoTGHMCABFIAI7AABAADsGWGsX9guNwKgBBwBQz7nPaH09TBX2bYAQCAIuwwAAAQEICjSvprMfZRDESFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMTowMToxMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xNDIzMTMyNTA5O2gxPTEzMzc4NDc0ODI7aDI9MTgyMzk5NjUyNjtoMz0zMDE5NjA2NjE3O2g0PTQxMDM4MzQ5NjY7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxNzc7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCg0K"}
+01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056314229,"flow_dst_last_pkt_time":1484319056438162,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056438162,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7wVYmHnLeP0IIAQCAJc5wAAAQEIChA9adofZRDaSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogU3VuLCAyNSBTZXAgMjAxNiAxMDozMzo0MCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMDc1MzA1ODc2O2gxPTE4NjI3MjU3Nzk7aDI9Mjg3NzM5ODUyMjtoMz0yODE2OTEyNTI1O2g0PTE5OTg1MTYxNjsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE4MDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
+01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056336202,"flow_dst_last_pkt_time":1484319056481232,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319056481232,"pkt":"5JjWH70UgCqoTGHMCABFIAI5AABAADsGWG0X9guNwKgBBwBQz72N4Tx\/gHq8VIAQCAJ0XQAAAQEICnPR0PkfZRDuSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1NzoxMyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0zMTQ0MzE0NDtoMT0zNzA4MzgzMjg3O2gyPTM4ODgxMTQyNjc7aDM9MjMzMzc4ODI2NztoND0xODYyMzgzNDIyOw0KWC1TZXNzaW9uLUluZm86IGFkZHI9NzMuMjAzLjEwNy4yMztwb3J0PTUzMTgxO2FyZ3A9Ni5zTmMwRFhTZjhUSEUzZjR5OFZ1TmxrVEhMc0VuUTFDS2NrQzd1c3cydmJBDQoNCg=="}
+01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056498941,"flow_idle_time":3285032704,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056498941,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz749DprPbTkLIYAQCAICSgAAAQEICsTv9WUfZRDwSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1NjowNSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMTI4ODE4ODczO2gxPTQxNDYxMDk3OTg7aDI9NDY4ODMxMDcxO2gzPTE2MDgwNTYwNzc7aDQ9NDI2NDEzMTg0MDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE4MjthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
+02317{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1175,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319059351882,"flow_dst_last_pkt_time":1484319059371795,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319059371795,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":394,"avg":201312.9,"max":2097549,"stddev":403399.4,"var":162731114496.0,"ent":3.6,"data": [61813,72267,473,134860,394,125851,1162295,73601,899,212949,11519,409208,101075,1892,70852,2097549,79500,52131,129820,120649,42895,59919,67076,69354,174355,284029,29385,65003,252681,150502,125903]},"pktlen": {"min":52,"avg":493.7,"max":1500,"stddev":638.1,"var":407212.3,"ent":3.9,"data": [64,60,52,412,570,1500,52,80,80,80,80,80,80,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,52,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1],"entropies": [4.601409912,5.346035957,5.041505337,6.346901894,5.793770790,4.440931797,5.065449238,5.202858448,5.202857018,5.262294292,5.341651440,5.366651535,5.317899227,5.165874004,5.228374004,5.195351601,4.782721043,5.156889915,4.790072441,5.101186275,4.825405598,4.817777157,5.233812809,4.752513409,5.024262905,4.806689262,5.165874004,5.195351124,5.195351124,4.632717133,5.024262905,4.635102272]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02320{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319060551613,"flow_dst_last_pkt_time":1484319060618267,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13563,"midstream":0,"thread_ts_usec":1484319060618267,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":135,"avg":280753.9,"max":1046959,"stddev":300914.6,"var":90549583872.0,"ent":4.2,"data": [43730,45845,23628,124789,4917,111637,635898,176069,176,135,41643,37401,940199,857,45449,434520,483806,1046959,74656,202356,418896,472205,955340,169880,525271,694311,167240,252312,98045,326303,148897]},"pktlen": {"min":52,"avg":490.1,"max":1500,"stddev":638.9,"var":408170.9,"ent":3.9,"data": [64,60,52,412,571,1500,52,72,72,64,64,64,52,88,1476,52,52,52,1500,1500,52,52,52,1500,52,52,1500,52,1500,1500,52,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1],"entropies": [4.527114868,5.312702179,5.003043652,6.355251789,5.803568363,4.440690517,5.118427753,5.277718067,5.249940395,5.146419048,5.208919048,5.134624004,5.056021690,4.908463001,4.253908634,5.156889915,5.156889439,5.118427753,4.918218613,4.902011871,5.000318050,5.118427753,5.118427753,4.876659870,4.985801220,5.017560482,4.758782864,4.961856365,4.610503674,4.658255100,5.118427753,4.789437294]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1254,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319060594060,"flow_dst_last_pkt_time":1484319060664663,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319060664663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":569,"avg":284358.9,"max":1636184,"stddev":362564.9,"var":131453321216.0,"ent":4.0,"data": [16087,19422,23622,88585,4002,82236,1105315,26930,21843,19608,569,13093,381586,1636184,66410,119030,421421,408128,882662,90167,143374,490378,519431,92259,120978,487097,597701,217631,227512,270000,221864]},"pktlen": {"min":52,"avg":536.6,"max":1500,"stddev":657.9,"var":432827.8,"ent":3.9,"data": [64,60,52,409,570,1500,52,72,72,72,64,64,64,64,1500,1500,52,64,52,1500,1500,52,52,1500,1500,52,52,1500,52,1500,64,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1],"entropies": [4.538909912,5.333454132,5.142372608,6.390935421,5.823237419,4.453172207,5.118427753,5.333272934,5.385473251,5.387441158,5.216578960,5.208919048,5.216578960,5.228374004,3.805912256,4.418298721,5.156889915,5.072124004,5.233813286,4.401393414,4.419836998,5.233812809,5.195351124,4.383244514,4.387027740,5.233812809,5.209868431,4.311857224,5.000318527,4.386717796,5.240169048,4.585660934]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02340{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1260,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319060695068,"flow_dst_last_pkt_time":1484319060746254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":20790,"midstream":0,"thread_ts_usec":1484319060746254,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4949,"avg":290996.3,"max":1397235,"stddev":314333.5,"var":98805530624.0,"ent":4.2,"data": [23914,25117,18248,72539,4949,71292,152183,249467,985618,26703,1397235,519076,299466,499851,482346,40528,55620,206768,137068,537495,535230,174291,571825,775969,198842,230534,89909,283953,128056,116304,110490]},"pktlen": {"min":52,"avg":716.2,"max":1500,"stddev":699.0,"var":488561.8,"ent":4.2,"data": [64,60,52,409,570,1500,52,1500,52,80,80,1500,72,1500,64,1500,1500,1500,52,1500,52,1500,52,52,1500,52,1500,1500,52,1500,52,1500]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1],"entropies": [4.601409912,5.266787052,5.036415577,6.391139984,5.809580326,4.456539154,5.041504860,4.186237812,4.961856842,5.322779179,5.322779179,4.373055458,5.331886292,4.362320423,5.228374004,4.324150085,4.463343143,4.271175385,5.118428230,4.316685200,5.142372608,4.338371277,5.077241421,5.195351124,4.538278103,5.038779736,4.711270332,4.737337112,5.079966545,4.685406208,5.233812809,4.710971355]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02322{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319060916913,"flow_dst_last_pkt_time":1484319060915445,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319060916913,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":342,"avg":300105.7,"max":2716440,"stddev":539188.2,"var":290723889152.0,"ent":3.6,"data": [61747,63082,19443,172653,342,153906,1162512,94154,1429,12319,104280,65945,674747,41474,39967,488929,2716440,44869,75746,28743,32797,29468,133613,256105,742961,71312,1131465,569658,135441,73631,104098]},"pktlen": {"min":52,"avg":492.6,"max":1500,"stddev":638.8,"var":408052.9,"ent":3.9,"data": [64,60,52,410,570,1500,52,80,72,72,72,72,72,72,64,52,52,1500,1500,52,1500,52,1500,52,1500,64,52,1500,52,1500,1500,52]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0],"entropies": [4.601409912,5.379369259,5.103910923,6.382707119,5.801897049,4.439589024,5.156889439,5.282214642,5.359663963,5.304108143,5.359663963,5.304108143,5.263877869,5.293623924,5.290874004,5.156889915,5.038779736,4.572134495,4.543495178,5.115703106,4.553971767,4.993616104,4.540792465,4.955154419,4.553669930,5.177669048,5.079966545,4.316857815,4.961856842,4.387219906,4.488969326,5.079966545]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02317{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1281,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319060947278,"flow_dst_last_pkt_time":1484319060861747,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":12102,"midstream":0,"thread_ts_usec":1484319060947278,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":137,"avg":302592.9,"max":3094333,"stddev":556136.4,"var":309287714816.0,"ent":3.7,"data": [19993,22151,5332,69145,137,72224,626011,606979,26604,520264,51479,55493,593239,41657,80288,418048,3094333,65564,425655,469983,40810,84995,52141,54303,117697,383081,387305,709380,53664,73805,158619]},"pktlen": {"min":52,"avg":447.8,"max":1500,"stddev":616.5,"var":380048.7,"ent":3.8,"data": [64,60,52,410,570,1500,52,72,72,72,72,64,64,72,64,52,52,1500,64,64,1500,1500,52,1500,52,1500,52,64,1500,64,1500,52]},"bins": {"c_to_s": [21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0],"entropies": [4.538909912,5.312702179,5.065449715,6.359480381,5.816523552,4.445319176,5.065449238,5.277717590,5.387441635,5.387441635,5.248553276,5.259624004,5.228374004,5.331886292,5.259624004,5.272274494,5.115703106,4.653451920,5.163660049,5.185328960,4.692939758,4.660350800,5.065449715,4.689436913,5.077241898,4.606202602,5.156889439,5.290874004,4.357360840,5.290874004,4.495481014,5.233812809]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02314{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1300,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319061168059,"flow_dst_last_pkt_time":1484319060482194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":12101,"midstream":0,"thread_ts_usec":1484319061168059,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":266,"avg":294252.3,"max":2608516,"stddev":529173.0,"var":280024055808.0,"ent":3.5,"data": [61899,63035,8952,155118,266,150147,1152400,92133,498,591361,113696,141666,52293,522,39853,381137,2608516,28241,68204,27169,29555,26620,56459,81742,44814,43749,497350,496550,1208877,807442,91559]},"pktlen": {"min":52,"avg":449.2,"max":1500,"stddev":615.6,"var":378913.2,"ent":3.8,"data": [64,60,52,411,569,1500,52,80,80,80,80,72,64,64,64,52,64,1500,1500,52,1500,52,1500,1500,52,1500,52,64,52,1500,72,72]},"bins": {"c_to_s": [21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,0,0,0,1,0,0],"entropies": [4.570159912,5.346035480,5.065449715,6.363940239,5.804843426,4.442625046,5.142372608,5.362294197,5.337294102,5.312294006,5.287294388,5.333272934,5.197124004,5.240169048,5.240169048,5.156889439,5.152518272,4.990313053,4.973003864,5.195351124,4.964061737,5.000318050,4.996945381,4.996238232,5.156889439,4.959667683,5.038779736,5.146419048,5.003043175,4.680668831,5.247971535,5.333272934]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02317{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1307,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319061128980,"flow_dst_last_pkt_time":1484319061270358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061270358,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":79,"avg":322294.1,"max":3064500,"stddev":576519.8,"var":332375130112.0,"ent":3.6,"data": [11668,15660,2402,60224,1206,79,57126,107813,316921,313910,536684,811161,71198,122498,693690,84709,585634,3064500,52838,57895,98411,231468,526235,115101,671,585669,117652,1178873,25807,79129,64284]},"pktlen": {"min":52,"avg":495.0,"max":1500,"stddev":637.2,"var":406023.8,"ent":3.9,"data": [64,60,52,410,570,1500,1500,52,52,1500,52,80,80,80,80,72,64,72,1500,72,1500,64,1500,80,64,52,64,52,1500,52,1500,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,1,0,1,1],"entropies": [4.507659912,5.233454227,4.964581966,6.333802700,5.821110249,4.461877346,4.201263905,5.132945538,5.014835358,3.777186632,4.976373672,5.144669533,5.135233879,5.169670582,5.169669628,5.192996979,5.140319824,5.248552799,4.282153130,5.248552322,4.242815018,4.995864868,4.290421486,5.085232735,5.140319824,5.132945538,5.140319824,5.056022167,4.478749752,5.053297043,4.467899799,4.518882275]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1334,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319061706774,"flow_dst_last_pkt_time":1484319061794702,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061794702,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":240,"avg":355944.2,"max":3546297,"stddev":682699.4,"var":466078498816.0,"ent":3.5,"data": [43247,45294,13187,106701,4927,97880,1317695,102059,98186,240,515839,59813,1148424,57207,54890,165165,3546297,68400,92258,155981,131046,69975,95851,103962,104462,205130,729427,91959,551213,1189389,68168]},"pktlen": {"min":52,"avg":493.2,"max":1500,"stddev":638.4,"var":407523.4,"ent":3.9,"data": [64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1],"entropies": [4.515677452,5.333454132,5.041505337,6.377946854,5.816387177,4.450622082,5.118428230,5.366649628,5.366649628,5.359663963,5.333272934,5.387441635,5.387441635,5.293623924,5.290874004,5.322124004,5.272274494,4.440482140,5.209868431,4.489046574,5.014835358,4.480661392,4.471484184,5.233812809,4.471359730,5.062724590,4.458212852,5.290874004,5.233812809,5.000318527,4.395615101,4.444458961]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02323{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1407,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319062638948,"flow_dst_last_pkt_time":1484319062680623,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319062680623,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":414504.9,"max":4457097,"stddev":811357.3,"var":658300731392.0,"ent":3.6,"data": [41445,43452,2932,82082,72,78739,1252127,77707,132171,828,525346,100674,510044,513013,40289,4457097,87034,1392951,522404,574888,39602,91204,57625,58127,138968,449063,380142,69915,139503,473414,516793]},"pktlen": {"min":52,"avg":538.1,"max":1500,"stddev":656.8,"var":431419.8,"ent":3.9,"data": [64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1],"entropies": [4.538909912,5.312702179,5.026988029,6.353898048,5.812767506,4.447575092,5.118428230,5.316649437,5.391650200,5.387441635,5.387441635,5.361050606,5.333272934,5.331886292,5.228374004,5.228374004,4.410194397,4.460495949,5.079966545,5.195351124,4.415517807,4.454523087,5.195351601,4.441005707,5.077241421,4.548726559,5.156889915,4.299219608,4.319707394,5.195351601,5.156889439,4.440834999]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1438,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319062946776,"flow_dst_last_pkt_time":1484319063015567,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":10653,"midstream":0,"thread_ts_usec":1484319063015567,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":682,"avg":435375.1,"max":4431980,"stddev":814478.7,"var":663375511552.0,"ent":3.6,"data": [43856,45826,13429,88623,4898,81946,1250769,92472,118428,682,544165,69196,495457,501654,62886,1143862,28583,39116,4431980,82976,87813,169881,586445,795488,292945,509017,501170,1203523,55860,83014,70669]},"pktlen": {"min":52,"avg":404.2,"max":1500,"stddev":589.2,"var":347103.4,"ent":3.7,"data": [64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500]},"bins": {"c_to_s": [22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1],"entropies": [4.570159912,5.166786671,4.974009037,6.366189480,5.841994762,4.452114582,5.079966545,5.252857208,5.332214355,5.359663963,5.387441635,5.293623924,5.359663486,5.276330948,5.290874004,5.144205093,5.290874004,5.259624004,5.154078960,4.322241306,5.038779736,4.343337059,5.163660049,5.156889439,4.373079300,5.208919048,5.180834293,5.195351124,4.324346066,4.345085144,5.195351124,4.404635906]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01983{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1545,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":136,"avg":1958267.8,"max":30086001,"stddev":7379834.5,"var":54461959503872.0,"ent":1.1,"data": [47011,48359,1676,53080,2562,989,62283,11050,5991,10798,261,350,60341,3416,50128,4429,893,563,55944,50485,306,42722,3984,5077,5232,136,57719,311,30033380,30086001,822]},"pktlen": {"min":52,"avg":380.0,"max":1500,"stddev":556.9,"var":310128.2,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52]},"bins": {"c_to_s": [9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1],"entropies": [4.484876633,5.289900780,5.078045845,5.808425426,5.131024837,7.255376339,7.317865372,5.092562675,6.901146412,5.131024361,6.124006748,5.004364967,6.039024830,5.169486046,6.007705688,5.169486046,7.873569965,7.881214619,7.864243507,5.169486046,7.845795155,7.405421257,5.116507530,5.078045845,5.131024361,7.806305885,6.290623188,5.169486046,5.092563152,5.094483852,5.825018406,5.132945538]}}
+01643{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1545,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064590230,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064590230,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319064593980,"flow_dst_last_pkt_time":1484319064593980,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064593980,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064593980,"flow_dst_last_pkt_time":1484319064593980,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064593980,"pkt":"gCqoTGHM5JjWH70UCABFAABAVrtAAEAG\/srAqAEHF\/YLjc\/AAFDz13keAAAAALAC\/\/\/FywAAAgQFtAEDAwUBAQgKH2UvkwAAAAAEAgAA"}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064593980,"flow_dst_last_pkt_time":1484319064620050,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064620050,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz8BQi7Oi89d5H6AS\/\/+uwwAAAgQFtAEDAwkEAggKYvDA2R9lL5M="}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064620707,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064620707,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz78\/hnHMawMzk6AS\/\/+duQAAAgQFtAEDAwkEAggKbx\/u9B9lL5E="}
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064621471,"flow_dst_last_pkt_time":1484319064620050,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064621471,"pkt":"gCqoTGHM5JjWH70UCABFAAA0SOFAAEAGDLHAqAEHF\/YLjc\/AAFDz13kfUIuzo4AQEBXNXwAAAQEICh9lL7Bi8MDZ"}
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064621745,"flow_dst_last_pkt_time":1484319064620707,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064621745,"pkt":"gCqoTGHM5JjWH70UCABFAAA0y1dAAEAGkjvAqAEHF\/YDjM+\/AFBrAzOTP4ZxzYAQEBW8UwAAAQEICh9lL7BvH+70"}
+01193{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064624064,"flow_dst_last_pkt_time":1484319064620050,"flow_idle_time":3285032704,"pkt_caplen":575,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":575,"pkt_l4_len":541,"thread_ts_usec":1484319064624064,"pkt":"gCqoTGHM5JjWH70UCABFAAIx\/M5AAEAGVsbAqAEHF\/YLjc\/AAFDz13kfUIuzo4AYEBXADAAAAQEICh9lL7Ji8MDZR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wycHVOUUpKcVRJUnFoR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBfdmxIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9VG5QNTlKQjF3YjVVVE9DcjBtLUtRVTJrR1BvIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtMjA1OA0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
+01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1576,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319064624064,"flow_dst_last_pkt_time":1484319064620050,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064624064,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
+01188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064634961,"flow_dst_last_pkt_time":1484319064620707,"flow_idle_time":3285032704,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1484319064634961,"pkt":"gCqoTGHM5JjWH70UCABFAAIt069AAEAGh+rAqAEHF\/YDjM+\/AFBrAzOTP4ZxzYAYEBUSvwAAAQEICh9lL7NvH+70R0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wtcC1WZUlaNldLUnEtWDZMTXZhTHFneFdCQ3VGYmgwOU1wcmVPUlVVT081VHgxNjgzSFBuTFk2QlBqTl85bWxEdVlpaEdab1h1OXUwb3pIOFJGaW9CTl9KRE5pUnNjaWRqdm9TZFdtbHlaZ1BOYW5zVzBsa0JyNFg4MUh2bG9PaThCU19leFZTUGhNeUpRVEI1Ymcmdj0zJmU9MTQ4NDM0Nzg1MCZ0PS04dTR2bGNQdUZxY09Mbkx5YjlERHRLLWJCNCBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjMuMTQwDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtODk4DQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogQXBwbGVDb3JlTWVkaWEvMS4wLjAuMTRDOTIgKGlQaG9uZTsgVTsgQ1BVIE9TIDEwXzIgbGlrZSBNYWMgT1MgWDsgZW5fdXMpDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpBY2NlcHQtRW5jb2Rpbmc6IGlkZW50aXR5DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
+01415{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1577,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319064634961,"flow_dst_last_pkt_time":1484319064620707,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":505,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":505,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064634961,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.3.140","http": {"url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
+01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064624064,"flow_dst_last_pkt_time":1484319064666580,"flow_idle_time":3285032704,"pkt_caplen":635,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":635,"pkt_l4_len":601,"thread_ts_usec":1484319064666580,"pkt":"5JjWH70UgCqoTGHMCABFIAJtAABAADsGWDkX9guNwKgBBwBQz8BQi7Oj89d7HIAQCAKAjwAAAQEICmLwwQkfZS+ySFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTowNCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjA1OQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1ODozOCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0zODc0NDA1MjkxO2gxPTE2OTUxOTc4MzY7aDI9MzkxNzk2ODQ1MztoMz0xNjgzNjM2NjM2O2g0PTEyNTE5MTU3NTQ7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxODQ7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCkNvbnRlbnQtUmFuZ2U6IGJ5dGVzIDAtMjA1OC81MTgzODA5MA0KDQo="}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1579,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064669455,"flow_dst_last_pkt_time":1484319064669455,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064669455,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064669455,"flow_dst_last_pkt_time":1484319064669455,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064669455,"pkt":"gCqoTGHM5JjWH70UCABFAABAhwJAAEAGqhTAqAEHNr8RM8\/JAbsptVYdAAAAALAC\/\/+MwgAAAgQFtAEDAwUBAQgKH2Uv3QAAAAAEAgAA"}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1580,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064671268,"flow_dst_last_pkt_time":1484319064671268,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064671268,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064671268,"flow_dst_last_pkt_time":1484319064671268,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064671268,"pkt":"gCqoTGHM5JjWH70UCABFAABAbOBAAEAGxDbAqAEHNr8RM8\/SAbtTxg2UAAAAALAC\/\/+rMAAAAgQFtAEDAwUBAQgKH2Uv3gAAAAAEAgAA"}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064683828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064683828,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064683828,"flow_idle_time":200000000,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1484319064683828,"pkt":"gCqoTGHM5JjWH70UCABFAABFcJ0AAP8Rx7HAqAEHwKgBAe4iADUAMSObED0BAAABAAAAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAE="}
+01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064683828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064683828,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ichnaea.geo.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1584,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064634961,"flow_dst_last_pkt_time":1484319064684712,"flow_idle_time":3285032704,"pkt_caplen":632,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":632,"pkt_l4_len":598,"thread_ts_usec":1484319064684712,"pkt":"5JjWH70UgCqoTGHMCABFIAJqAABAADgGYz0X9gOMwKgBBwBQz78\/hnHNawM1jIAQCALNywAAAQEICm8f7y8fZS+zSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTowNCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogODk5DQpMYXN0LU1vZGlmaWVkOiBXZWQsIDAyIERlYyAyMDE1IDEzOjA0OjU0IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUNClByYWdtYTogbm8tY2FjaGUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IFgtVENQLUluZm8sWC1TZXNzaW9uLUluZm8NClgtVENQLUluZm86IGgwPTE4NzYyODM3MjU7aDE9NDA2NDkwMzk0NDtoMj00MDQyNzE1Mjg1O2gzPTU1ODU2Mjg0MztoND0zODg1NTExNTIyOw0KWC1TZXNzaW9uLUluZm86IGFkZHI9NzMuMjAzLjEwNy4yMztwb3J0PTUzMTgzO2FyZ3A9Ni5zTmMwRFhTZjhUSEUzZjR5OFZ1TmxrVEhMc0VuUTFDS2NrQzd1c3cydmJBDQpDb250ZW50LVJhbmdlOiBieXRlcyAwLTg5OC8zMjQ2ODMzNQ0KDQo="}
+00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_usec":1484319064699948,"pkt":"5JjWH70UgCqoTGHMCABFAADq4UlAAEAR1WDAqAEBwKgBBwA17iIA1plWED2BgAABAAkAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAMABkHaWNobmFlYQdsYXRlbmN5BnByb2RhYcAYwDUAAQABAAAAFgAENCUk\/MA1AAEAAQAAABYABDQrZhTANQABAAEAAAAWAAQ0Iv+pwDUAAQABAAAAFgAENBhu0sA1AAEAAQAAABYABDQK7rvANQABAAEAAAAWAAQ2RB9SwDUAAQABAAAAFgAENCdXJMA1AAEAAQAAABYABDQobnM="}
+01065{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1588,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319064699948,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ichnaea.geo.netflix.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.37.36.252"}}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1592,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064711690,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064711690,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1592,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064711690,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064711690,"pkt":"gCqoTGHM5JjWH70UCABFAABAfOpAAEAGov3AqAEHNCUk\/M\/TAbvE99WSAAAAALAC\/\/9grAAAAgQFtAEDAwUBAQgKH2UwAgAAAAAEAgAA"}
+01978{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1593,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064712006,"flow_dst_last_pkt_time":1484319034278653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4140,"midstream":0,"thread_ts_usec":1484319064712006,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":74,"avg":1003326.9,"max":30431499,"stddev":5372888.5,"var":28867930619904.0,"ent":0.2,"data": [44924,46321,7446,58250,1844,979,55802,12140,9904,9342,287,206,60460,132,50780,11459,460,157,72134,60865,339,50757,444,15673,16944,136,74,82928,303,146,30431499]},"pktlen": {"min":52,"avg":379.5,"max":1500,"stddev":557.0,"var":310204.4,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52]},"bins": {"c_to_s": [10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0],"entropies": [4.598081589,5.256567001,5.131024837,5.819132805,5.246409416,7.227420330,7.332920074,5.092563152,6.984497547,5.169486046,6.274277210,5.113821983,5.948767662,5.284871101,6.050486565,5.246409416,7.870395660,7.873335838,7.867392540,5.246409416,7.876014709,7.339691162,5.169486046,5.284871101,5.284871101,7.775086403,6.215628147,5.873826027,5.246409416,5.169486046,5.154969215,5.003043175]}}
+01644{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1593,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064712006,"flow_dst_last_pkt_time":1484319034278653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4140,"midstream":0,"thread_ts_usec":1484319064712006,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
+00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1594,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064671268,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064722112,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z9JcNkhzU8YNlaASOJDYrwAAAgQFtAQCCAqtilitH2Uv3gEDAwg="}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1595,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064669455,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064722814,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z8mqa43KKbVWHqASOJAmtQAAAgQFtAQCCAqtilitH2Uv3QEDAwg="}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1596,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064723412,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064723412,"pkt":"gCqoTGHM5JjWH70UCABFAAA06mxAAEAGRrbAqAEHNr8RM8\/SAbtTxg2VXDZIdIAQEBUvyAAAAQEICh9lMA6tilit"}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1597,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064724096,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064724096,"pkt":"gCqoTGHM5JjWH70UCABFAAA0RtdAAEAG6kvAqAEHNr8RM8\/JAbsptVYeqmuNy4AQEBV9zAAAAQEICh9lMA6tilit"}
+01205{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319064728551,"pkt":"gCqoTGHM5JjWH70UCABFAAI52vZAAEAGVCfAqAEHNr8RM8\/JAbsptVYeqmuNy4AYEBU\/AQAAAQEICh9lMBGtilitFgMBAgABAAH8AwOssLX4r6P7GP1cyM+\/QL5jcos5eemrJxEB7qfdYiVRRQAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1598,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064722814,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064728551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01204{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319064729673,"pkt":"gCqoTGHM5JjWH70UCABFAAI526xAAEAGU3HAqAEHNr8RM8\/SAbtTxg2VXDZIdIAYEBX36QAAAQEICh9lMBOtilitFgMBAgABAAH8AwM\/Ud3IJ+zS9aVmySryI5irQf+M2+tqC0+UPSJWqvpDqAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1599,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064722112,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064729673,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1606,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319064781140,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGNcw0JST8wKgBBwG7z9NfgzodxPfVk6ASRersYQAAAgQFtAQCCAqFpSALH2UwAgEDAwg="}
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1484319064782652,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064782652,"pkt":"gCqoTGHM5JjWH70UCABFAAA0MmJAAEAG7ZHAqAEHNCUk\/M\/TAbvE99WTX4M6HoAQEBVQwAAAAQEICh9lMEaFpSAL"}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064783171,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064783171,"pkt":"5JjWH70UgCqoTGHMCABFIAA0EM5AACoGNjU2vxEzwKgBBwG7z9JcNkh0U8YPmoAQAD09hgAAAQEICq2KWL0fZTAT"}
+00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1613,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":3285032704,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"thread_ts_usec":1484319064785302,"pkt":"gCqoTGHM5JjWH70UCABFAAEZfjdAAEAGoNfAqAEHNCUk\/M\/TAbvE99WTX4M6HoAYEBXgSwAAAQEICh9lMEiFpSALFgMBAOABAADcAwNYeOlYxBLS5gM2ky3bQNFyoxLviT91lQxxEizDalFYdwAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="}
+01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1613,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064781140,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064785302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1616,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796538,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064796538,"pkt":"5JjWH70UgCqoTGHMCABFIAA01XFAACkGcpE2vxEzwKgBBwG7z8mqa43LKbVYI4AQAD2LiwAAAQEICq2KWL4fZTAR"}
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1617,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064796989,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064796989,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1618,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064823890,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064823890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064836708,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319064836708,"pkt":"5JjWH70UgCqoTGHMCABFIAA0GgVAACoGG880JST8wKgBBwG7z9NfgzoexPfWeIAQAEtfkAAAAQEICoWlIB4fZTBI"}
+01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1620,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064728551,"flow_dst_last_pkt_time":1484319064850606,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064850606,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
+01209{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1624,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064885811,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319064885811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1625,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064729673,"flow_dst_last_pkt_time":1484319064898548,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319064898548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
+01639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1632,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064950196,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319064950196,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
+01995{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1688,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319065388464,"flow_dst_last_pkt_time":1484319065423935,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":23355,"flow_dst_tot_l4_payload_len":2633,"midstream":0,"thread_ts_usec":1484319065423935,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":47531.9,"max":266118,"stddev":57373.9,"var":3291763968.0,"ent":4.0,"data": [53359,54641,4455,73724,451,53617,123531,11602,72543,62717,1529,55777,52363,2209,208,426,218,96299,96364,227,131,105,82592,81689,880,205,155,38176,40581,146597,266118]},"pktlen": {"min":52,"avg":865.4,"max":1500,"stddev":680.5,"var":463015.4,"ent":4.4,"data": [64,60,52,569,52,1500,1132,52,178,103,52,1044,106,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,72]},"bins": {"c_to_s": [5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0],"s_to_c": [5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1],"entropies": [4.578626633,5.335815907,5.207947731,4.350263596,5.169486523,7.184256554,7.647752762,5.207947731,6.566578865,6.006330490,5.169486046,7.810021400,6.234852314,5.215455055,7.860099316,7.858446598,7.850243568,7.875246525,5.284871101,7.867991447,7.875946045,7.875228882,7.851313114,5.246409416,7.892469883,7.867894650,7.855500698,7.875078678,7.889169693,7.874140739,7.858912468,5.388828278]}}
+01620{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1688,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319065388464,"flow_dst_last_pkt_time":1484319065423935,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":23355,"flow_dst_tot_l4_payload_len":2633,"midstream":0,"thread_ts_usec":1484319065423935,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
+01992{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1708,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":182,"avg":52521.9,"max":282465,"stddev":58168.2,"var":3383536896.0,"ent":4.2,"data": [50844,52144,6261,61059,40719,74658,170395,11813,79420,67625,2032,57431,55801,1745,844,219,182,82546,79700,249,94600,127478,60574,282465,10583,27617,37968,39882,42871,7730,723]},"pktlen": {"min":52,"avg":552.5,"max":1500,"stddev":629.7,"var":396553.7,"ent":4.0,"data": [64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52]},"bins": {"c_to_s": [10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0],"entropies": [4.598081589,5.369149208,5.169486046,4.365832806,5.154969215,7.171761036,7.662086964,5.169486523,6.518167496,5.984750271,5.100070000,7.782325745,6.202902317,5.246409416,7.867114544,7.871539593,7.857532978,7.870780945,5.078046322,7.856834412,7.434062958,5.154969215,5.154969215,7.833981991,5.246409416,7.884502411,7.878024578,5.246409416,6.160539627,5.207947731,5.791826725,5.094483852]}}
+01620{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1708,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
+01991{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1735,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":59431.0,"max":332646,"stddev":83335.9,"var":6944879104.0,"ent":3.8,"data": [69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549]},"pktlen": {"min":52,"avg":746.1,"max":1500,"stddev":703.8,"var":495333.0,"ent":4.2,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500]},"bins": {"c_to_s": [6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0],"s_to_c": [6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0],"entropies": [4.578626633,5.323234081,5.169486046,5.810972691,5.131024837,7.231025219,7.326107502,5.154969215,6.940334797,5.169486523,6.230382919,5.079339504,6.149899960,5.207948208,5.992234230,5.193430901,7.859437466,7.874912739,7.853219032,5.207947731,7.901949883,7.848706245,7.875315189,7.851129055,5.207947731,7.874441147,7.863263607,7.860793114,7.870314598,5.207947731,7.870880127,7.866354465]}}
+01644{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1735,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
+02321{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1766,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319066015206,"flow_dst_last_pkt_time":1484319066064571,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":19133,"midstream":0,"thread_ts_usec":1484319066064571,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2593,"avg":93284.4,"max":471964,"stddev":119313.2,"var":14235634688.0,"ent":4.1,"data": [26070,27491,2593,46530,5363,49411,29634,29502,8466,38422,5397,39840,38400,39693,140326,138333,356578,206910,471964,29274,417442,40849,81521,44012,43364,83015,187750,28619,25160,184386,25502]},"pktlen": {"min":52,"avg":684.8,"max":1500,"stddev":659.1,"var":434476.8,"ent":4.2,"data": [64,60,52,561,621,1500,52,663,52,567,629,1500,52,1500,52,1500,1500,80,1500,64,52,1500,1500,52,1500,52,1500,72,64,52,1500,1500]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,0,0,0,1,1],"entropies": [4.570159912,5.266787052,5.065449715,6.275901794,5.797811985,4.453124046,5.118428230,4.223619461,5.089393616,6.289565086,5.782683849,3.849286318,5.103911400,6.893377781,5.000318050,7.605064869,7.871351719,5.248013020,7.860187054,5.187250137,5.077241421,7.867404461,7.859804153,5.065449238,7.885848045,5.000318527,7.863960743,5.267232895,5.115169048,5.079966545,7.857268333,7.882204533]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1829,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319065741809,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17969,"midstream":0,"thread_ts_usec":1484319066598421,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5292,"avg":101928.1,"max":730898,"stddev":155663.8,"var":24231225344.0,"ent":4.0,"data": [30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720]},"pktlen": {"min":52,"avg":648.3,"max":1500,"stddev":653.4,"var":426995.3,"ent":4.2,"data": [64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0],"entropies": [4.476409912,5.212701797,5.156889915,6.230133057,5.778679371,3.867035151,5.079966545,6.195135117,5.745929718,3.167200804,5.094483852,7.856627464,7.824065208,7.816611290,5.331886292,5.165874004,5.118428230,7.781126976,7.831735134,5.118428230,7.778219700,4.961856365,5.882567406,7.827349663,5.103910923,7.794489861,4.961856365,7.814080238,4.958919048,5.244518280,5.083919048,5.079966545]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1926,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319070636683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1926,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319070636683,"pkt":"gCqoTGHM5JjWH70UCABFAABAs25AAEAGoh\/AqAEHF\/YLhc\/aAFBx1HGxAAAAALAC\/\/84uwAAAgQFtAEDAwUBAQgKH2VGAgAAAAAEAgAA"}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1929,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319070655089,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz9pdV1SucdRxsqAS\/\/+\/OwAAAgQFtAEDAwkEAggKgYtW3h9lRgI="}
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1484319070656558,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319070656558,"pkt":"gCqoTGHM5JjWH70UCABFAAA0S\/NAAEAGCafAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AQEBXd4QAAAQEICh9lRhWBi1be"}
+01192{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1931,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":3285032704,"pkt_caplen":575,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":575,"pkt_l4_len":541,"thread_ts_usec":1484319070660268,"pkt":"gCqoTGHM5JjWH70UCABFAAIxzrJAAEAGhOrAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AYEBUYkAAAAQEICh9lRhiBi1beR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wxb3VWYUpwZVFMQldqR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBfN2xIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9SmZFZWY4MEswMnluSWpMTG9pLUhaQjF1UTEwIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTMzDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtMjAxNg0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
+01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1931,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319070660268,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
+01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1932,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070683948,"flow_idle_time":3285032704,"pkt_caplen":634,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":634,"pkt_l4_len":600,"thread_ts_usec":1484319070683948,"pkt":"5JjWH70UgCqoTGHMCABFIAJsAABAADsGWEIX9guFwKgBBwBQz9pdV1SvcdRzr4AQCALHHwAAAQEICoGLVvsfZUYYSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MToxMCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjAxNw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBBdWcgMjAxNSAwODo0OTozMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD03MjkyMTg0NzU7aDE9MzQ4NTc3ODU3MDtoMj00MTk0MzEzOTQzO2gzPTExOTYyNjI1MTY7aDQ9Mzc5NzQ1MzgwOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzIxMDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KQ29udGVudC1SYW5nZTogYnl0ZXMgMC0yMDE2LzM1MzY4MzQ3DQoNCg=="}
+00954{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1975,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319083007977,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1482,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319083007977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1975,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032866374,"flow_dst_last_pkt_time":1484319032884052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":562,"midstream":0,"thread_ts_usec":1484319083007977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1975,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319036827113,"flow_src_last_pkt_time":1484319036827113,"flow_dst_last_pkt_time":1484319036847572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1484319083007977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1975,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319035004050,"flow_src_last_pkt_time":1484319035004050,"flow_dst_last_pkt_time":1484319035024355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1484319083007977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1975,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319032882949,"flow_src_last_pkt_time":1484319032882949,"flow_dst_last_pkt_time":1484319032884500,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1484319083007977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1978,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091296070,"flow_dst_last_pkt_time":1484319091296070,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319091296070,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1978,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1484319091296070,"flow_dst_last_pkt_time":1484319091296070,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319091296070,"pkt":"gCqoTGHM5JjWH70UCABFAABAakNAAEAG60LAqAEHF\/YLjc\/hAFDAgDYQAAAAALAC\/\/\/YUQAAAgQFtAEDAwUBAQgKH2WTUQAAAAAEAgAA"}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1979,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1484319091296070,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319091309083,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz+FsswOfwIA2EaAS\/\/85DQAAAgQFtAEDAwkEAggK\/T5Cox9lk1E="}
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1980,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1484319091310850,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319091310850,"pkt":"gCqoTGHM5JjWH70UCABFAAA00UpAAEAGhEfAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAQEBVXuAAAAQEICh9lk1\/9PkKj"}
+01192{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1981,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":3285032704,"pkt_caplen":575,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":575,"pkt_l4_len":541,"thread_ts_usec":1484319091314892,"pkt":"gCqoTGHM5JjWH70UCABFAAIxbbBAAEAG5eTAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAYEBVzYQAAAQEICh9lk2L9PkKjR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wycHVOUUpKMlRMaHVpR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBQN2xIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9RGgyNzh1MlVwQXBPQ0dVajVSeFY4YXpOV1g4IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtMjA1OA0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
+01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1981,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319091314892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
+01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091339356,"flow_idle_time":3285032704,"pkt_caplen":634,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":634,"pkt_l4_len":600,"thread_ts_usec":1484319091339356,"pkt":"5JjWH70UgCqoTGHMCABFIAJsAABAADsGWDoX9guNwKgBBwBQz+FsswOgwIA4DoAQCAJKIQAAAQEICv0+QsAfZZNiSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjA1OQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1OTo1NyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yOTgzMTEwNzE7aDE9MzMxNjkzMDExMDtoMj0zNjA3NzYxMjI1O2gzPTE1NTc1ODQyMzk7aDQ9MTcxNjMzNjAwOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzIxNzthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KQ29udGVudC1SYW5nZTogYnl0ZXMgMC0yMDU4LzY4Mzk0NTQxDQoNCg=="}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2008,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319043002781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1484319091694942,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00944{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2015,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319098014382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2015,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048776187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":150,"midstream":0,"thread_ts_usec":1484319098014382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2015,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049681348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1484319098014382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2017,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365279,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114365279,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2017,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1484319114365279,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319114365279,"pkt":"gCqoTGHM5JjWH70UCABFAABCZ6UAAEARj63AqAEHwKgBAcmmADUALqajKFkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="}
+01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2017,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365279,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114365279,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1484319114365513,"pkt":"gCqoTGHM5JjWH70UCABFAABCN7AAAEARv6LAqAEHwKgBAcmmADUALiWYqUkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="}
+01054{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2018,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114365279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114365513,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2019,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114384308,"flow_idle_time":200000000,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1484319114384308,"pkt":"5JjWH70UgCqoTGHMCABFAAEF4UpAAEAR1UTAqAEBwKgBBwA1yaYA8aaTKFmBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAhAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAEXABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AAQABAAAALwAENCAW1sBNAAEAAQAAAC8ABDQiMaPATQABAAEAAAAvAAQ0GyTuwE0AAQABAAAALwAENCJwJsBNAAEAAQAAAC8ABDQi04bATQABAAEAAAAvAAQ0GRpcwE0AAQABAAAALwAENCDSq8BNAAEAAQAAAC8ABDQi5lM="}
+01064{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2019,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114384308,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":233,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":233,"midstream":0,"thread_ts_usec":1484319114384308,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ios.nccp.netflix.com","dns": {"num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.32.22.214"}}}
+00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2020,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114400480,"flow_idle_time":200000000,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_usec":1484319114400480,"pkt":"5JjWH70UgCqoTGHMCABFAAFl4UtAAEAR1OPAqAEBwKgBBwA1yaYBUaZKqUmBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAHADAAFAAEAAAAdAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAEZABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AHAABAAAALQAQJiABCHAPAAAAAAAANpUfRMBNABwAAQAAAC0AECYgAQhwDwAAAAAAADaVT4rATQAcAAEAAAAtABAmIAEIcA8AAAAAAAA2uidXwE0AHAABAAAALQAQJiABCHAPAAAAAAAANroXx8BNABwAAQAAAC0AECYgAQhwDwAAAAAAADZE0xXATQAcAAEAAAAtABAmIAEIcA8AAAAAAAA2ummQwE0AHAABAAAALQAQJiABCHAPAAAAAAAANkTCZ8BNABwAAQAAAC0AECYgAQhwDwAAAAAAADa6im8="}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2021,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114406347,"flow_dst_last_pkt_time":1484319114406347,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114406347,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2021,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1484319114406347,"flow_dst_last_pkt_time":1484319114406347,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319114406347,"pkt":"gCqoTGHM5JjWH70UCABFAABAaktAAEAGw8fAqAEHNCAW1s\/2Abt+TgYJAAAAALAC\/\/\/LHgAAAgQFtAEDAwUBAQgKH2XpygAAAAAEAgAA"}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2022,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1484319114406347,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319114455348,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG7z\/ZJSmsOfk4GCqASOJAVRAAAAgQFtAQCCAq2sSMxH2XpygEDAwg="}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2023,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1484319114457327,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319114457327,"pkt":"gCqoTGHM5JjWH70UCABFAAA03p5AAEAGT4DAqAEHNCAW1s\/2Abt+TgYKSUprD4AQEBVsWgAAAQEICh9l6fy2sSMx"}
+01204{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2024,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319114464321,"pkt":"gCqoTGHM5JjWH70UCABFAAI5Y7ZAAEAGyGPAqAEHNCAW1s\/2Abt+TgYKSUprD4AYEBXEQwAAAQEICh9l6gK2sSMxFgMBAgABAAH8AwPYD50dwaa6SBFM+FER3hNsABrlY\/SCFZdiIuSkbU7v5QAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2024,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114455348,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319114464321,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2025,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523056,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319114523056,"pkt":"5JjWH70UgCqoTGHMCABFIAA0SDFAACkG\/M00IBbWwKgBBwG7z\/ZJSmsPfk4ID4AQAD16GQAAAQEICraxIz8fZeoC"}
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2026,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114523585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319114523585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
+01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319114464321,"flow_dst_last_pkt_time":1484319114556754,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319114556754,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2048,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117511945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2048,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1484319117511945,"pkt":"gCqoTGHM5JjWH70UCABFAABT2RsAAP8RXyXAqAEHwKgBAct\/ADUAP5\/hcXUBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="}
+01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2048,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117511945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117511945,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"api-global.latency.prodaa.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2049,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117538934,"flow_idle_time":200000000,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":1484319117538934,"pkt":"5JjWH70UgCqoTGHMCABFAADT4UxAAEAR1XTAqAEBwKgBBwA1y38Av8eGcXWBgAABAAgAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAcAMAAEAAQAAACsABDQpHgXADAABAAEAAAArAAQ0KVZPwAwAAQABAAAAKwAENCnkd8AMAAEAAQAAACsABDQpn7bADAABAAEAAAArAAQ0J+8jwAwAAQABAAAAKwAENCc7i8AMAAEAAQAAACsABDQo+f3ADAABAAEAAAArAAQ0KRH0"}
+01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2049,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117538934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1484319117538934,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"api-global.latency.prodaa.netflix.com","dns": {"num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.41.30.5"}}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2055,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117605859,"flow_dst_last_pkt_time":1484319117605859,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117605859,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117605859,"flow_dst_last_pkt_time":1484319117605859,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319117605859,"pkt":"gCqoTGHM5JjWH70UCABFAABArFRAAEAGeobAqAEHNCkeBc\/3Abv7qhZTAAAAALAC\/\/8qUQAAAgQFtAEDAwUBAQgKH2X1uAAAAAAEAgAA"}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2056,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117651396,"flow_dst_last_pkt_time":1484319117651396,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117651396,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117651396,"flow_dst_last_pkt_time":1484319117651396,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319117651396,"pkt":"gCqoTGHM5JjWH70UCABFAABAO7RAAEAG8l7AqAEHNCAW1tAAAbtmeMEgAAAAALAC\/\/8btwAAAgQFtAEDAwUBAQgKH2X15gAAAAAEAgAA"}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117605859,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117664151,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG7z\/fOmYqt+6oWVKASOJB9NwAAAgQFtAQCCAqh\/Yo1H2X1uAEDAwg="}
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2060,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117667082,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117667082,"pkt":"gCqoTGHM5JjWH70UCABFAAA0nQxAAEAGidrAqAEHNCkeBc\/3Abv7qhZUzpmKroAQEBXUQwAAAQEICh9l9fSh\/Yo1"}
+01205{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2063,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319117668880,"pkt":"gCqoTGHM5JjWH70UCABFAAI59gxAAEAGLtXAqAEHNCkeBc\/3Abv7qhZUzpmKroAYEBUUlAAAAQEICh9l9feh\/Yo1FgMBAgABAAH8AwNYeOmNAe5Q0hcaTI2Ej50ifhjlODvil\/8YZ4JhR3RxkSAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZuQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAAGNAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMzdAAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQAFAAUBAAAAAAASAAAAFwAAABUA+QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2063,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117664151,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117668880,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2064,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117651396,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117703150,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG70ABfA575ZnjBIaASOJAZDQAAAgQFtAQCCAq2sSZcH2X15gEDAwg="}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2065,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117704525,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117704525,"pkt":"gCqoTGHM5JjWH70UCABFAAA0fsVAAEAGr1nAqAEHNCAW1tAAAbtmeMEhXwOe+oAQEBVwIwAAAQEICh9l9hi2sSZc"}
+01203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2066,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319117713351,"pkt":"gCqoTGHM5JjWH70UCABFAAI5taBAAEAGdnnAqAEHNCAW1tAAAbtmeMEhXwOe+oAYEBXylgAAAQEICh9l9hq2sSZcFgMBAgABAAH8AwN8q\/ZLhsSOm12ptnIT0OvNxxjn3f9+RlJ5hY7lfSkXAAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2066,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117703150,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117713351,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2067,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117734717,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117734717,"pkt":"5JjWH70UgCqoTGHMCABFIAA0AOhAACkGPN80KR4FwKgBBwG7z\/fOmYqu+6oYWYAQAD3iAQAAAQEICqH9ikcfZfX3"}
+01210{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2068,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117737656,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117737656,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+01667{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2069,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319117668880,"flow_dst_last_pkt_time":1484319117738672,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319117738672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117767728,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117767728,"pkt":"5JjWH70UgCqoTGHMCABFIAA0uJNAACkGjGs0IBbWwKgBBwG70ABfA576ZnjDJoAQAD194wAAAQEICraxJm0fZfYa"}
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2081,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117770085,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1484319117770085,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
+01616{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2082,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117713351,"flow_dst_last_pkt_time":1484319117771052,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2528,"midstream":0,"thread_ts_usec":1484319117771052,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ios.nccp.netflix.com","tls": {"version":"TLSv1.2","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2091,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117826887,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117826887,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2091,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117826887,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319117826887,"pkt":"gCqoTGHM5JjWH70UCABFAABAF8hAAEAGDxPAqAEHNCkeBdABAbshc+whAAAAALAC\/\/8t3QAAAgQFtAEDAwUBAQgKH2X2iwAAAAAEAgAA"}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2092,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117827967,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117827967,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2092,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117827967,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319117827967,"pkt":"gCqoTGHM5JjWH70UCABFAABADR1AAEAGGb7AqAEHNCkeBdACAbuRqNIFAAAAALAC\/\/\/XwQAAAgQFtAEDAwUBAQgKH2X2jAAAAAAEAgAA"}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117826887,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117879588,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGPL80KR4FwKgBBwG70AFaPMiyIXPsIqASOJC25AAAAgQFtAQCCAqh\/YpsH2X2iwEDAwg="}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2102,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117881117,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117881117,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BiRAAEAGIMPAqAEHNCkeBdABAbshc+wiWjzIs4AQEBUN+QAAAQEICh9l9r+h\/Yps"}
+00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":3285032704,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319117885772,"pkt":"gCqoTGHM5JjWH70UCABFAAEEKuFAAEAG+zXAqAEHNCkeBdABAbshc+wiWjzIs4AYEBUAlAAAAQEICh9l9sOh\/YpsFgMBAMsBAADHAwNYeOmNxGxgi8I9EIqk5oJkWnJI9VweKmO\/JyQkao7GaCDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117879588,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117885772,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2104,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1484319117827967,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319117886937,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG70ALhlhIJkajSBqASOJCQFwAAAgQFtAQCCAqh\/YptH2X2jAEDAwg="}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2105,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1484319117890575,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117890575,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Pr9AAEAG6CfAqAEHNCkeBdACAbuRqNIG4ZYSCoAQEBXnJgAAAQEICh9l9sWh\/Ypt"}
+00793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2106,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":3285032704,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":1484319117892631,"pkt":"gCqoTGHM5JjWH70UCABFAAEEuTxAAEAGbNrAqAEHNCkeBdACAbuRqNIG4ZYSCoAYEBUMGAAAAQEICh9l9seh\/YptFgMBAMsBAADHAwNYeOmNE5tkHrD0G2XjxlOstOMmL3TKkSrM+b+7cNSu7CDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2106,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117886937,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319117892631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2112,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117929656,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117929656,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QsRAACoG+gI0KR4FwKgBBwG70AFaPMizIXPs8oAQAD0c8QAAAQEICqH9ingfZfbD"}
+01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2113,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319117885772,"flow_dst_last_pkt_time":1484319117930548,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117930548,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2119,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117941532,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319117941532,"pkt":"5JjWH70UgCqoTGHMCABFIAA0mHNAACkGpVM0KR4FwKgBBwG70ALhlhIKkajS1oAQAD32HgAAAQEICqH9insfZfbH"}
+01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2120,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319117892631,"flow_dst_last_pkt_time":1484319117942410,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":145,"midstream":0,"thread_ts_usec":1484319117942410,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
+02301{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2167,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118140455,"flow_dst_last_pkt_time":1484319118145946,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2205,"flow_dst_tot_l4_payload_len":9578,"midstream":0,"thread_ts_usec":1484319118145946,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":140,"avg":20407.3,"max":141407,"stddev":28956.2,"var":838464256.0,"ent":3.9,"data": [52701,54230,4655,50068,892,45987,1145,402,2281,621,48897,36085,58570,140,1031,141407,13303,12185,4698,8739,8491,4498,3692,4536,12375,12816,15153,13884,6123,6182,6840]},"pktlen": {"min":52,"avg":420.8,"max":1500,"stddev":506.4,"var":256458.0,"ent":4.1,"data": [64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707]},"bins": {"c_to_s": [12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.494096756,5.269149303,5.100070000,6.003353119,5.215455055,6.547097206,5.138531685,5.182787418,6.044509888,7.866807461,7.609665394,5.140452385,5.215455055,7.873748302,6.994494438,7.847311020,5.138531685,7.632858276,5.138531685,7.760740280,5.176993370,7.540992260,5.061608315,7.843688965,5.176993370,7.880697250,5.138531685,7.689140797,5.100070000,7.779115677,5.138531685,7.737319469]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2180,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118629811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2180,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1484319118629811,"pkt":"gCqoTGHM5JjWH70UCABFAABDkmsAAP8RpeXAqAEHwKgBAd8FADUALzVHkfABAAABAAAAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQAB"}
+01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2180,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118629811,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118629811,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a1907.dscg.akamai.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2187,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118652959,"flow_idle_time":200000000,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1484319118652959,"pkt":"5JjWH70UgCqoTGHMCABFAABj4U1AAEAR1ePAqAEBwKgBBwA13wUATx78kfCBgAABAAIAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQABwAwAAQABAAAADAAEuBnMCsAMAAEAAQAAAAwABLgZzBk="}
+01057{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2187,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118652959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1484319118652959,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a1907.dscg.akamai.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.10"}}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2190,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319118657433,"flow_dst_last_pkt_time":1484319118657433,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118657433,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2190,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1484319118657433,"flow_dst_last_pkt_time":1484319118657433,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319118657433,"pkt":"gCqoTGHM5JjWH70UCABFAABAL91AAEAGxQfAqAEHuBnMCtADAFAmSxL9AAAAALAC\/\/\/OdwAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2191,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118658049,"flow_dst_last_pkt_time":1484319118658049,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118658049,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2191,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1484319118658049,"flow_dst_last_pkt_time":1484319118658049,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319118658049,"pkt":"gCqoTGHM5JjWH70UCABFAABAEThAAEAG46zAqAEHuBnMCtAEAFDFgkYhAAAAALAC\/\/\/8GgAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2193,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1484319118657433,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319118672865,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0APyPQT8JksS\/qAScSAMhgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="}
+00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2194,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1484319118674195,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118674195,"pkt":"gCqoTGHM5JjWH70UCABFAAA0XA9AAEAGmOHAqAEHuBnMCtADAFAmSxL+8j0E\/YAQEBWcSwAAAQEICh9l+cD\/\/WqN"}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2195,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1484319118658049,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319118674728,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0ASr4P0LxYJGIqAScSCIdgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="}
+00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1484319118675789,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118675789,"pkt":"gCqoTGHM5JjWH70UCABFAAA0us1AAEAGOiPAqAEHuBnMCtAEAFDFgkYiq+D9DIAQEBUYOwAAAQEICh9l+cH\/\/WqN"}
+00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2198,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":3285032704,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319118676250,"pkt":"gCqoTGHM5JjWH70UCABFAAEppeRAAEAGThfAqAEHuBnMCtADAFAmSxL+8j0E\/YAYEBUliAAAAQEICh9l+cH\/\/WqNR0VUIC80ZTM2ZC82Mjg5ODg5MDIwZDZjYzZkZmIzMDM4YzM1NTY0YTQxZTFjYTRlMzZkLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTEubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
+01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2198,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118672865,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118676250,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","http": {"url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
+00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2200,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":3285032704,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_usec":1484319118687774,"pkt":"gCqoTGHM5JjWH70UCABFAAEp1+JAAEAGHBnAqAEHuBnMCtAEAFDFgkYiq+D9DIAYEBXuKgAAAQEICh9l+cj\/\/WqNR0VUIC84YjFmYS9lYWExYjc4Y2Q3MmNhNGRiZGNhYjUyNzY5MWQyZmNhYjM3YzhiMWZhLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTEubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
+01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2200,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118674728,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319118687774,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video","hostname":"art-1.nflximg.net","http": {"url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1484319118676250,"flow_dst_last_pkt_time":1484319118700093,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118700093,"pkt":"5JjWH70UgCqoTGHMCABFIAA0blRAADwGiny4GcwKwKgBBwBQ0APyPQT9JksT84AQA6unowAAAQEICv\/9aqkfZfnB"}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1484319118687774,"flow_dst_last_pkt_time":1484319118713206,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319118713206,"pkt":"5JjWH70UgCqoTGHMCABFIAA0l79AADwGYRG4GcwKwKgBBwBQ0ASr4P0MxYJHF4AQA6sjgwAAAQEICv\/9arMfZfnI"}
+01976{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319118414034,"flow_dst_last_pkt_time":1484319118767393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":7589,"midstream":0,"thread_ts_usec":1484319118767393,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":95,"avg":63539.0,"max":500942,"stddev":121518.7,"var":14766798848.0,"ent":3.3,"data": [58292,61223,1798,70566,2939,1016,71265,11570,12325,13054,147,95,65707,781,52265,3649,191,91649,51753,301,140150,3732,3446,3903,5462,6438,5030,437212,863,500942,291945]},"pktlen": {"min":52,"avg":442.8,"max":1500,"stddev":552.3,"var":305076.8,"ent":4.0,"data": [64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500]},"bins": {"c_to_s": [10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1],"entropies": [4.586286545,5.335815430,5.169486523,4.098951340,5.025067329,7.251211166,7.301212311,5.207947731,7.012731075,5.246409416,6.273766041,5.113821983,5.990005016,5.132945538,5.992234230,5.246409893,7.870625973,7.755266190,5.171407223,7.853860855,7.522392750,5.169486046,7.574260712,5.131024361,7.742949009,5.207947731,5.956426620,5.207947731,7.856410503,7.668289185,5.038780212,7.883280277]}}
+01671{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319118414034,"flow_dst_last_pkt_time":1484319118767393,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":7589,"midstream":0,"thread_ts_usec":1484319118767393,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"api-global.netflix.com","tls": {"version":"TLSv1.2","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}}
+02208{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319118854817,"flow_dst_last_pkt_time":1484319119584735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":34752,"midstream":0,"thread_ts_usec":1484319119584735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":508,"avg":36240.5,"max":99830,"stddev":21554.2,"var":464585632.0,"ent":4.7,"data": [16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489]},"pktlen": {"min":52,"avg":1146.7,"max":1500,"stddev":613.3,"var":376142.5,"ent":4.7,"data": [64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+02200{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2282,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120611345,"flow_dst_last_pkt_time":1484319120609765,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":22387,"midstream":0,"thread_ts_usec":1484319120611345,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":241,"avg":126007.9,"max":1416280,"stddev":340787.6,"var":116136157184.0,"ent":2.6,"data": [15432,16762,2055,27228,957,1055,27336,38112,39355,39938,44658,83445,40664,236734,277719,1389753,1416280,268,12835,48683,241,12768,12757,15934,13837,16300,12778,12746,23173,13285,13156]},"pktlen": {"min":52,"avg":767.5,"max":1500,"stddev":698.9,"var":488505.9,"ent":4.3,"data": [64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52]},"bins": {"c_to_s": [12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0],"entropies": [4.464614868,5.187539101,5.079966545,5.914007187,5.270354271,7.264070511,7.801600933,5.195351601,7.847749710,5.032077789,7.834869862,7.811845303,5.118427753,7.846868038,7.676549435,5.195351124,5.834331989,6.944043159,7.534036636,7.785680771,5.062724590,4.993616104,7.810704231,7.840629101,5.024262428,7.853393078,4.863714218,7.836608410,7.849914551,5.062724113,7.841484547,5.053297043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":8,"flow_first_seen":1484319036854344,"flow_src_last_pkt_time":1484319036977437,"flow_dst_last_pkt_time":1484319036976156,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1090,"flow_dst_tot_l4_payload_len":3533,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+00908{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319034890998,"flow_src_last_pkt_time":1484319034890998,"flow_dst_last_pkt_time":1484319034890998,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319118629811,"flow_src_last_pkt_time":1484319118629811,"flow_dst_last_pkt_time":1484319118652959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319043002781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00767{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319032896759,"flow_src_last_pkt_time":1484319033215216,"flow_dst_last_pkt_time":1484319033213209,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2185,"flow_dst_tot_l4_payload_len":4385,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00768{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1484319049684933,"flow_src_last_pkt_time":1484319050696784,"flow_dst_last_pkt_time":1484319050693641,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4473,"flow_dst_tot_l4_payload_len":8193,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00901{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00751{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319044993872,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":46,"flow_dst_packets_processed":25,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319117874656,"flow_dst_last_pkt_time":1484319117873585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":47170,"flow_dst_tot_l4_payload_len":6233,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065592399,"flow_dst_last_pkt_time":1484319065588591,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6786,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1484319049465573,"flow_src_last_pkt_time":1484319081182418,"flow_dst_last_pkt_time":1484319081180537,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9065,"flow_dst_tot_l4_payload_len":5638,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":26,"flow_first_seen":1484319048780859,"flow_src_last_pkt_time":1484319080085510,"flow_dst_last_pkt_time":1484319080083748,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2612,"flow_dst_tot_l4_payload_len":27820,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+00765{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1484319032984566,"flow_src_last_pkt_time":1484319063913670,"flow_dst_last_pkt_time":1484319063911664,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":601,"flow_dst_tot_l4_payload_len":4205,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":75,"flow_dst_packets_processed":73,"flow_first_seen":1484319032986624,"flow_src_last_pkt_time":1484319080084561,"flow_dst_last_pkt_time":1484319080082639,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":26074,"flow_dst_tot_l4_payload_len":38104,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1484319033206431,"flow_src_last_pkt_time":1484319063914824,"flow_dst_last_pkt_time":1484319063913042,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":923,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":1187,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319113019284,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1976,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":32,"flow_first_seen":1484319043012652,"flow_src_last_pkt_time":1484319085476120,"flow_dst_last_pkt_time":1484319085460132,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":41992,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":86,"flow_first_seen":1484319043013015,"flow_src_last_pkt_time":1484319077933957,"flow_dst_last_pkt_time":1484319077931072,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":119506,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1484319043665565,"flow_src_last_pkt_time":1484319075730913,"flow_dst_last_pkt_time":1484319075722109,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":13,"flow_first_seen":1484319049672494,"flow_src_last_pkt_time":1484319049930810,"flow_dst_last_pkt_time":1484319050538865,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":15928,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+00768{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1484319114406347,"flow_src_last_pkt_time":1484319117555613,"flow_dst_last_pkt_time":1484319117553842,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":4474,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1484319117651396,"flow_src_last_pkt_time":1484319117994811,"flow_dst_last_pkt_time":1484319117992103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4361,"flow_dst_tot_l4_payload_len":4406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":25,"flow_first_seen":1484319118657433,"flow_src_last_pkt_time":1484319120726362,"flow_dst_last_pkt_time":1484319120717893,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":31755,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":29,"flow_first_seen":1484319118658049,"flow_src_last_pkt_time":1484319120053813,"flow_dst_last_pkt_time":1484319119662360,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":39096,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","proto_id":"7.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
+00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032866374,"flow_dst_last_pkt_time":1484319032884052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":562,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319036827113,"flow_src_last_pkt_time":1484319036827113,"flow_dst_last_pkt_time":1484319036847572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":18,"flow_first_seen":1484319035079531,"flow_src_last_pkt_time":1484319073564849,"flow_dst_last_pkt_time":1484319073562707,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4576,"flow_dst_tot_l4_payload_len":6263,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+01098{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":39,"flow_first_seen":1484319035080111,"flow_src_last_pkt_time":1484319073578996,"flow_dst_last_pkt_time":1484319073576827,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4348,"flow_dst_tot_l4_payload_len":35028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1484319035342783,"flow_src_last_pkt_time":1484319066108619,"flow_dst_last_pkt_time":1484319066106464,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2624,"flow_dst_tot_l4_payload_len":3919,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1484319114365279,"flow_src_last_pkt_time":1484319114365513,"flow_dst_last_pkt_time":1484319114400480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":562,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":26,"flow_first_seen":1484319117605859,"flow_src_last_pkt_time":1484319119338372,"flow_dst_last_pkt_time":1484319119162139,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4896,"flow_dst_tot_l4_payload_len":21553,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":27,"flow_first_seen":1484319117826887,"flow_src_last_pkt_time":1484319118687018,"flow_dst_last_pkt_time":1484319118675176,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":4272,"flow_dst_tot_l4_payload_len":18162,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1484319117827967,"flow_src_last_pkt_time":1484319118041692,"flow_dst_last_pkt_time":1484319118040132,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1384,"flow_dst_max_l4_payload_len":1000,"flow_src_tot_l4_payload_len":2158,"flow_dst_tot_l4_payload_len":2014,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319035004050,"flow_src_last_pkt_time":1484319035004050,"flow_dst_last_pkt_time":1484319035024355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048776187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":150,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117538934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319032882949,"flow_src_last_pkt_time":1484319032882949,"flow_dst_last_pkt_time":1484319032884500,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049681348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":32,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319052229556,"flow_dst_last_pkt_time":1484319052226562,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":41059,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":34,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319054100433,"flow_dst_last_pkt_time":1484319054096359,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":42884,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01075{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":34,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319056189450,"flow_dst_last_pkt_time":1484319056186291,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":42887,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":20,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319063242076,"flow_dst_last_pkt_time":1484319063297170,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":21106,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":25,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319062135981,"flow_dst_last_pkt_time":1484319062134494,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":28406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":19,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319063597246,"flow_dst_last_pkt_time":1484319063594994,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":21166,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":22,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319063369085,"flow_dst_last_pkt_time":1484319063367514,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":26582,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":21,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319064277374,"flow_dst_last_pkt_time":1484319064275757,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":24061,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":23,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319063240640,"flow_dst_last_pkt_time":1484319063283910,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":25147,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":22,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319063764739,"flow_dst_last_pkt_time":1484319063789538,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":24062,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":29,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319063566368,"flow_dst_last_pkt_time":1484319063564465,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":35622,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":21,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319062003848,"flow_dst_last_pkt_time":1484319062000609,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":24062,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":20,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319064484621,"flow_dst_last_pkt_time":1484319064524154,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":21057,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":25,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319063421011,"flow_dst_last_pkt_time":1484319063419225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":28406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01077{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319066637070,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":19417,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01079{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":75,"flow_dst_packets_processed":103,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319070693375,"flow_dst_last_pkt_time":1484319070642260,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1540,"flow_dst_tot_l4_payload_len":143966,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070825326,"flow_dst_last_pkt_time":1484319070905880,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":8954,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01078{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":18,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091498293,"flow_dst_last_pkt_time":1484319091694942,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":22028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319063911876,"flow_dst_last_pkt_time":1484319063910283,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5170,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+00961{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319064012018,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":16,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064790823,"flow_dst_last_pkt_time":1484319064782569,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4171,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":17,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319096924088,"flow_dst_last_pkt_time":1484319096921856,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20856,"flow_dst_tot_l4_payload_len":4094,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
+00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2291,"source":"netflix.pcap","alias":"nDPId-test","packets-captured":2291,"packets-processed":2291,"total-skipped-flows":0,"total-l4-payload-len":1266863,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":61,"total-updates":9,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":554,"global_ts_usec":1484319120726362}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 6999/6999
+~~ packets captured/processed: 2291/2291
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 5686857 bytes
+~~ total layer4 data length..: 1266863 bytes
 ~~ total detected protocols..: 60
 ~~ total active/idle flows...: 61/61
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7194978 bytes
-~~ total memory freed........: 7194978 bytes
-~~ total allocations/frees...: 130507/130507
+~~ total memory allocated....: 7063917 bytes
+~~ total memory freed........: 7063917 bytes
+~~ total allocations/frees...: 125816/125816
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2450 chars
diff --git a/test/results/netflow-fritz.pcap.out b/test/results/netflow-fritz.pcap.out
index e29c23d37..1effc7166 100644
--- a/test/results/netflow-fritz.pcap.out
+++ b/test/results/netflow-fritz.pcap.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411775 bytes
-~~ total memory freed........: 6411775 bytes
-~~ total allocations/frees...: 122437/122437
+~~ total memory allocated....: 6416680 bytes
+~~ total memory freed........: 6416680 bytes
+~~ total allocations/frees...: 122447/122447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 958 chars
diff --git a/test/results/netflowv9.pcap.out b/test/results/netflowv9.pcap.out
index 5b98097f2..25216d21a 100644
--- a/test/results/netflowv9.pcap.out
+++ b/test/results/netflowv9.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412036 bytes
-~~ total memory freed........: 6412036 bytes
-~~ total allocations/frees...: 122446/122446
+~~ total memory allocated....: 6416941 bytes
+~~ total memory freed........: 6416941 bytes
+~~ total allocations/frees...: 122456/122456
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2341 chars
diff --git a/test/results/nfsv2.pcap.out b/test/results/nfsv2.pcap.out
index daa36a30a..1c621962c 100644
--- a/test/results/nfsv2.pcap.out
+++ b/test/results/nfsv2.pcap.out
@@ -48,9 +48,9 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6427070 bytes
-~~ total memory freed........: 6427070 bytes
-~~ total allocations/frees...: 122658/122658
+~~ total memory allocated....: 6432023 bytes
+~~ total memory freed........: 6432023 bytes
+~~ total allocations/frees...: 122668/122668
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 2100 chars
diff --git a/test/results/nfsv3.pcap.out b/test/results/nfsv3.pcap.out
index f2d10ef56..36489fda6 100644
--- a/test/results/nfsv3.pcap.out
+++ b/test/results/nfsv3.pcap.out
@@ -53,9 +53,9 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6428058 bytes
-~~ total memory freed........: 6428058 bytes
-~~ total allocations/frees...: 122641/122641
+~~ total memory allocated....: 6433019 bytes
+~~ total memory freed........: 6433019 bytes
+~~ total allocations/frees...: 122651/122651
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 2102 chars
diff --git a/test/results/nintendo.pcap.out b/test/results/nintendo.pcap.out
index 8e74f3eb6..91eed22ca 100644
--- a/test/results/nintendo.pcap.out
+++ b/test/results/nintendo.pcap.out
@@ -170,9 +170,9 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6494630 bytes
-~~ total memory freed........: 6494630 bytes
-~~ total allocations/frees...: 123670/123670
+~~ total memory allocated....: 6499695 bytes
+~~ total memory freed........: 6499695 bytes
+~~ total allocations/frees...: 123680/123680
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2188 chars
diff --git a/test/results/nntp.pcap.out b/test/results/nntp.pcap.out
index ef76a3986..f3b5c9f62 100644
--- a/test/results/nntp.pcap.out
+++ b/test/results/nntp.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414722 bytes
-~~ total memory freed........: 6414722 bytes
-~~ total allocations/frees...: 122469/122469
+~~ total memory allocated....: 6419627 bytes
+~~ total memory freed........: 6419627 bytes
+~~ total allocations/frees...: 122479/122479
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2177 chars
diff --git a/test/results/no_sni.pcap.out b/test/results/no_sni.pcap.out
index e9342ff28..22ed05cc1 100644
--- a/test/results/no_sni.pcap.out
+++ b/test/results/no_sni.pcap.out
@@ -83,9 +83,9 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6505015 bytes
-~~ total memory freed........: 6505015 bytes
-~~ total allocations/frees...: 123736/123736
+~~ total memory allocated....: 6509976 bytes
+~~ total memory freed........: 6509976 bytes
+~~ total allocations/frees...: 123746/123746
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2154 chars
diff --git a/test/results/ocs.pcap.out b/test/results/ocs.pcap.out
index b643156ca..0c4cfc2e1 100644
--- a/test/results/ocs.pcap.out
+++ b/test/results/ocs.pcap.out
@@ -143,9 +143,9 @@
 ~~ total active/idle flows...: 20/20
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6484470 bytes
-~~ total memory freed........: 6484470 bytes
-~~ total allocations/frees...: 123624/123624
+~~ total memory allocated....: 6489527 bytes
+~~ total memory freed........: 6489527 bytes
+~~ total allocations/frees...: 123634/123634
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 487 chars
 ~~ json string max len.......: 2141 chars
diff --git a/test/results/ocsp.pcapng.out b/test/results/ocsp.pcapng.out
index b976a2f39..17dc6d190 100644
--- a/test/results/ocsp.pcapng.out
+++ b/test/results/ocsp.pcapng.out
@@ -99,9 +99,9 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6439554 bytes
-~~ total memory freed........: 6439554 bytes
-~~ total allocations/frees...: 122927/122927
+~~ total memory allocated....: 6444614 bytes
+~~ total memory freed........: 6444614 bytes
+~~ total allocations/frees...: 122946/122946
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2280 chars
diff --git a/test/results/ookla.pcap.out b/test/results/ookla.pcap.out
index 22ed7132e..0373e0108 100644
--- a/test/results/ookla.pcap.out
+++ b/test/results/ookla.pcap.out
@@ -7,6 +7,7 @@
 00960{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1491069108794394,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":3285032704,"pkt_caplen":408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":408,"pkt_l4_len":374,"thread_ts_usec":1491069108794394,"pkt":"gCqojWksxCwDBkn+CABFAAGKwIdAAEAGAADAqAEHLiz9u8gHAFAHQx4BUVDStoAYECzvEwAAAQEICg3eB8R\/4XDqR0VUIC9jcm9zc2RvbWFpbi54bWwgSFRUUC8xLjENCkhvc3Q6IG1hc3Nhcm9zYS0xLnNwZWVkdGVzdC53ZWxjb21laXRhbGlhLml0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTJfMykgQXBwbGVXZWJLaXQvNjAyLjQuOCAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vMTAuMC4zIFNhZmFyaS82MDIuNC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpSZWZlcmVyOiBodHRwOi8vd3d3LnNwZWVkdGVzdC5uZXQvaXQvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCg0K"}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108794394,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":342,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":342,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108794394,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Ookla","proto_id":"7.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"","http": {}}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1491069108794394,"flow_dst_last_pkt_time":1491069108878410,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491069108878410,"pkt":"xCwDBkn+gCqojWksCABFAAA0okFAADMGt+suLP27wKgBBwBQyAdRUNK2B0MfV4AQAeZtzAAAAQEICn\/hcPcN3gfE"}
+01071{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108794394,"flow_dst_last_pkt_time":1491069108883236,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":342,"flow_dst_max_l4_payload_len":457,"flow_src_tot_l4_payload_len":342,"flow_dst_tot_l4_payload_len":457,"midstream":0,"thread_ts_usec":1491069108883236,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.Ookla","proto_id":"7.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"","http": {}}}
 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069115107460,"flow_src_last_pkt_time":1491069115107460,"flow_dst_last_pkt_time":1491069115107460,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069115107460,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1491069115107460,"flow_dst_last_pkt_time":1491069115107460,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069115107460,"pkt":"gCqojWksxCwDBkn+CABFAABAzJ5AAEAGAADAqAEHLiz9u8gPH5CtI6zKAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4f9gAAAAAEAgAA"}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1491069115107460,"flow_dst_last_pkt_time":1491069115144245,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069115144245,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBx+QyA8qkdUorSOsy6ASOJC7tQAAAgQFrAQCCAp\/4XceDd4f9gEDAwU="}
@@ -16,8 +17,8 @@
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1491069115172347,"flow_dst_last_pkt_time":1491069115208262,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491069115208262,"pkt":"xCwDBkn+gCqojWksCABFAAA0og9AADMGuB0uLP27wKgBBx+QyA8qkdUprSOszoAQAcUg8AAAAQEICn\/hdy4N3iA2"}
 02149{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":52,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1491069115107460,"flow_src_last_pkt_time":1491069116003131,"flow_dst_last_pkt_time":1491069115908957,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":1491069116003131,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":54747.4,"max":137734,"stddev":32631.2,"var":1064798016.0,"ent":4.7,"data": [36785,36897,27990,64017,72,36059,38392,72665,34304,27134,61863,34745,97665,133205,35538,27694,63063,35336,68477,103729,35275,26006,61113,35107,103239,137734,34506,32637,67251,34614,94056]},"pktlen": {"min":52,"avg":63.9,"max":86,"stddev":9.7,"var":93.7,"ent":5.0,"data": [64,60,52,55,52,86,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71]},"bins": {"c_to_s": [21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.484427452,5.279368877,5.115703106,5.192151546,5.207948208,5.516513824,5.077241421,5.383457661,5.524891853,5.024262905,5.400994301,5.542428493,5.077241421,5.485500813,5.524891853,5.077241421,5.439795971,5.648200035,5.077241421,5.411627769,5.609398842,5.115703106,5.485501289,5.524892330,4.961856365,5.485501289,5.648200035,5.115703106,5.496133804,5.530390263,5.000318050,5.390362263]},"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2202,"flow_dst_packets_processed":2864,"flow_first_seen":1491069115107460,"flow_src_last_pkt_time":1491069155086298,"flow_dst_last_pkt_time":1491069155251079,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":883752,"flow_dst_tot_l4_payload_len":3462381,"midstream":0,"thread_ts_usec":1491069155251079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00952{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069114050266,"flow_dst_last_pkt_time":1491069114084923,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":457,"flow_src_tot_l4_payload_len":1434,"flow_dst_tot_l4_payload_len":1546,"midstream":0,"thread_ts_usec":1491069155251079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Ookla","proto_id":"7.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","packets-captured":5086,"packets-processed":5086,"total-skipped-flows":0,"total-l4-payload-len":4349113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1491069155251079}
+01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069114050266,"flow_dst_last_pkt_time":1491069114084923,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":457,"flow_src_tot_l4_payload_len":1434,"flow_dst_tot_l4_payload_len":1546,"midstream":0,"thread_ts_usec":1491069155251079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.Ookla","proto_id":"7.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","packets-captured":5086,"packets-processed":5086,"total-skipped-flows":0,"total-l4-payload-len":4349113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1491069155251079}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5086/5086
 ~~ skipped flows.............: 0
@@ -26,10 +27,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6563134 bytes
-~~ total memory freed........: 6563134 bytes
-~~ total allocations/frees...: 127536/127536
+~~ total memory allocated....: 6568098 bytes
+~~ total memory freed........: 6568098 bytes
+~~ total allocations/frees...: 127548/127548
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 2154 chars
-~~ json string avg len.......: 1284 chars
+~~ json string avg len.......: 1288 chars
diff --git a/test/results/openvpn.pcap.out b/test/results/openvpn.pcap.out
index 7c4a7afbf..feafc799f 100644
--- a/test/results/openvpn.pcap.out
+++ b/test/results/openvpn.pcap.out
@@ -38,9 +38,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6426058 bytes
-~~ total memory freed........: 6426058 bytes
-~~ total allocations/frees...: 122758/122758
+~~ total memory allocated....: 6430979 bytes
+~~ total memory freed........: 6430979 bytes
+~~ total allocations/frees...: 122768/122768
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2304 chars
diff --git a/test/results/oracle12.pcapng.out b/test/results/oracle12.pcapng.out
index de5c446b4..e6acbba4e 100644
--- a/test/results/oracle12.pcapng.out
+++ b/test/results/oracle12.pcapng.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414374 bytes
-~~ total memory freed........: 6414374 bytes
-~~ total allocations/frees...: 122457/122457
+~~ total memory allocated....: 6419279 bytes
+~~ total memory freed........: 6419279 bytes
+~~ total allocations/frees...: 122467/122467
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 928 chars
diff --git a/test/results/os_detected.pcapng.out b/test/results/os_detected.pcapng.out
index 770717bf8..fc12ab804 100644
--- a/test/results/os_detected.pcapng.out
+++ b/test/results/os_detected.pcapng.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422029 bytes
-~~ total memory freed........: 6422029 bytes
-~~ total allocations/frees...: 122460/122460
+~~ total memory allocated....: 6426934 bytes
+~~ total memory freed........: 6426934 bytes
+~~ total allocations/frees...: 122470/122470
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2193 chars
diff --git a/test/results/ospfv2_add_new_prefix.pcap.out b/test/results/ospfv2_add_new_prefix.pcap.out
index 3185404fe..665636737 100644
--- a/test/results/ospfv2_add_new_prefix.pcap.out
+++ b/test/results/ospfv2_add_new_prefix.pcap.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411804 bytes
-~~ total memory freed........: 6411804 bytes
-~~ total allocations/frees...: 122438/122438
+~~ total memory allocated....: 6416709 bytes
+~~ total memory freed........: 6416709 bytes
+~~ total allocations/frees...: 122448/122448
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 506 chars
 ~~ json string max len.......: 922 chars
diff --git a/test/results/pgm.pcap.out b/test/results/pgm.pcap.out
index 5fd8d4ead..0446a9bef 100644
--- a/test/results/pgm.pcap.out
+++ b/test/results/pgm.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6440718 bytes
-~~ total memory freed........: 6440718 bytes
-~~ total allocations/frees...: 123435/123435
+~~ total memory allocated....: 6445623 bytes
+~~ total memory freed........: 6445623 bytes
+~~ total allocations/frees...: 123445/123445
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2214 chars
diff --git a/test/results/pgsql.pcap.out b/test/results/pgsql.pcap.out
index 93dd34175..30801e9d1 100644
--- a/test/results/pgsql.pcap.out
+++ b/test/results/pgsql.pcap.out
@@ -14,21 +14,54 @@
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1103453983217721,"flow_dst_last_pkt_time":1103453983217769,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1103453983217769,"pkt":"AAAAAAAAAAAAAAAACABFAAA07zdAAEAGTYp\/AAABfwAAARU4s2vJSeIdyQGw44AQf\/\/J7gAAAQEIChNCDSwTQg0s"}
 00905{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453983217592,"flow_dst_last_pkt_time":1103453983217889,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":13,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":13,"midstream":0,"thread_ts_usec":1103453983217889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00905{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1103453983215699,"flow_src_last_pkt_time":1103453983217721,"flow_dst_last_pkt_time":1103453983217976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":13,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":13,"midstream":0,"thread_ts_usec":1103453983217976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453998615162,"flow_dst_last_pkt_time":1103453998615143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":282,"flow_src_tot_l4_payload_len":566,"flow_dst_tot_l4_payload_len":864,"midstream":0,"thread_ts_usec":1103453998615162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1103453983215699,"flow_src_last_pkt_time":1103453983338269,"flow_dst_last_pkt_time":1103453983299534,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":438,"midstream":0,"thread_ts_usec":1103453998615162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1103453998615162}
+00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"pgsql.pcap","alias":"nDPId-test","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1576629230565518}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629230565518,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230565518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629230565518,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59036,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230565518,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629230565518,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+acFThi3YI3AAAAALDC\/\/9QBQAAAgQFtAEDAwYBAQgKmyLoygAAAAAEAgAA"}
+00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230566452,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629230566452,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45py6PR0kYt2COKBScSBRGwAAAgQFtAQCCApyjFVOmyLoygEDAwc="}
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1576629230566520,"flow_dst_last_pkt_time":1576629230566452,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1576629230566520,"pkt":"CAAnw1r8CgAnAAAECABFAAA0AABAAEAGuWSsEBT0rBAUS+acFThi3YI4uj0dJYAQCArpPAAAAQEICpsi6MtyjFVO"}
+00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1576629230718184,"flow_dst_last_pkt_time":1576629230566452,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629230718184,"pkt":"CAAnw1r8CgAnAAAECABFAgA8AABAAEAGuVqsEBT0rBAUS+acFThi3YI4uj0dJYAYCArNqwAAAQEICpsi6UJyjFVOAAAACATSFjA="}
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1576629230718184,"flow_dst_last_pkt_time":1576629230718508,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1576629230718508,"pkt":"CgAnAAAECAAnw1r8CABFAAA0SGtAAEAGcPmsEBRLrBAU9BU45py6PR0lYt2CQIAQAOPvTAAAAQEICnKMVeabIulC"}
+00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1576629230565518,"flow_src_last_pkt_time":1576629230718184,"flow_dst_last_pkt_time":1576629230718684,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1576629230718684,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59036,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629230719290,"flow_src_last_pkt_time":1576629230719290,"flow_dst_last_pkt_time":1576629230719290,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629230719290,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59037,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1576629230719290,"flow_dst_last_pkt_time":1576629230719290,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629230719290,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+adFThB0L5TAAAAALDC\/\/80fAAAAgQFtAEDAwYBAQgKmyLpQwAAAAAEAgAA"}
+00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1576629230719290,"flow_dst_last_pkt_time":1576629230719486,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629230719486,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45p2Ke8CTQdC+VKBScSDBSwAAAgQFtAQCCApyjFXnmyLpQwEDAwc="}
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1576629230719508,"flow_dst_last_pkt_time":1576629230719486,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1576629230719508,"pkt":"CAAnw1r8CgAnAAAECABFAAA0AABAAEAGuWSsEBT0rBAUS+adFThB0L5UinvAlIAQCApZbgAAAQEICpsi6UNyjFXn"}
+00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1576629230719531,"flow_dst_last_pkt_time":1576629230719486,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629230719531,"pkt":"CAAnw1r8CgAnAAAECABFAgA8AABAAEAGuVqsEBT0rBAUS+adFThB0L5UinvAlIAYCAo+VQAAAQEICpsi6UNyjFXnAAAACATSFi8="}
+00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1576629230719531,"flow_dst_last_pkt_time":1576629230720388,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1576629230720388,"pkt":"CgAnAAAECAAnw1r8CABFAAA0lXNAAEAGI\/GsEBRLrBAU9BU45p2Ke8CUQdC+XIAQAONgjAAAAQEICnKMVeibIulD"}
+00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1576629230719290,"flow_src_last_pkt_time":1576629230719531,"flow_dst_last_pkt_time":1576629230720483,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1576629230720483,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59037,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629231599706,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231599706,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629231599706,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59038,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231599706,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629231599706,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+aeFThYp3nnAAAAALDC\/\/9fRwAAAgQFtAEDAwYBAQgKmyLsDAAAAAAEAgAA"}
+00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231600017,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629231600017,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45p59bstLWKd56KBScSDq+wAAAgQFtAQCCApyjFlXmyLsDAEDAwc="}
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1576629231600054,"flow_dst_last_pkt_time":1576629231600017,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1576629231600054,"pkt":"CAAnw1r8CgAnAAAECABFAAA0AABAAEAGuWSsEBT0rBAUS+aeFThYp3nofW7LTIAQCAqDHgAAAQEICpsi7AxyjFlX"}
+00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1576629231617811,"flow_dst_last_pkt_time":1576629231600017,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629231617811,"pkt":"CAAnw1r8CgAnAAAECABFAgA8AABAAEAGuVqsEBT0rBAUS+aeFThYp3nofW7LTIAYCApn8gAAAQEICpsi7B5yjFlXAAAACATSFjA="}
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1576629231617811,"flow_dst_last_pkt_time":1576629231618077,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1576629231618077,"pkt":"CgAnAAAECAAnw1r8CABFAAA0khtAAEAGJ0msEBRLrBAU9BU45p59bstMWKd58IAQAOOKGQAAAQEICnKMWWmbIuwe"}
+00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1576629231599706,"flow_src_last_pkt_time":1576629231617811,"flow_dst_last_pkt_time":1576629231618351,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1576629231618351,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59038,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629231618664,"flow_src_last_pkt_time":1576629231618664,"flow_dst_last_pkt_time":1576629231618664,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629231618664,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59039,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1576629231618664,"flow_dst_last_pkt_time":1576629231618664,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629231618664,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+afFTjqE0VBAAAAALDC\/\/8CbgAAAgQFtAEDAwYBAQgKmyLsHgAAAAAEAgAA"}
+00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1576629231618664,"flow_dst_last_pkt_time":1576629231619335,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629231619335,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45p84Q6V26hNFQqBScSD5DgAAAgQFtAQCCApyjFlrmyLsHgEDAwc="}
+00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1576629231619367,"flow_dst_last_pkt_time":1576629231619335,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1576629231619367,"pkt":"CAAnw1r8CgAnAAAECABFAAA0AABAAEAGuWSsEBT0rBAUS+afFTjqE0VCOEOld4AQCAqRMAAAAQEICpsi7B9yjFlr"}
+00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1576629231619402,"flow_dst_last_pkt_time":1576629231619335,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629231619402,"pkt":"CAAnw1r8CgAnAAAECABFAgA8AABAAEAGuVqsEBT0rBAUS+afFTjqE0VCOEOld4AYCAp2FwAAAQEICpsi7B9yjFlrAAAACATSFi8="}
+00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1576629231619402,"flow_dst_last_pkt_time":1576629231620072,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1576629231620072,"pkt":"CgAnAAAECAAnw1r8CABFAAA0\/BxAAEAGvUesEBRLrBAU9BU45p84Q6V36hNFSoAQAOOYTwAAAQEICnKMWWubIuwf"}
+00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1576629231618664,"flow_src_last_pkt_time":1576629231619402,"flow_dst_last_pkt_time":1576629231621126,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1576629231621126,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59039,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
+00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453998615162,"flow_dst_last_pkt_time":1103453998615143,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":282,"flow_src_tot_l4_payload_len":566,"flow_dst_tot_l4_payload_len":864,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
+00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1103453983215699,"flow_src_last_pkt_time":1103453983338269,"flow_dst_last_pkt_time":1103453983299534,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":438,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
+00946{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":88,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1576629230565518,"flow_src_last_pkt_time":1576629230721563,"flow_dst_last_pkt_time":1576629230721516,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59036,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
+00950{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":88,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1576629230719290,"flow_src_last_pkt_time":1576629230724239,"flow_dst_last_pkt_time":1576629230724197,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":25,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59037,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
+00946{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":88,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1576629231599706,"flow_src_last_pkt_time":1576629231620123,"flow_dst_last_pkt_time":1576629231620055,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59038,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
+00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1576629231618664,"flow_src_last_pkt_time":1576629231631971,"flow_dst_last_pkt_time":1576629231631919,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":507,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59039,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
+00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"pgsql.pcap","alias":"nDPId-test","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":2993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1576629231631971}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 39/39
+~~ packets captured/processed: 88/88
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 2103 bytes
-~~ total detected protocols..: 2
-~~ total active/idle flows...: 2/2
+~~ total layer4 data length..: 2993 bytes
+~~ total detected protocols..: 6
+~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418773 bytes
-~~ total memory freed........: 6418773 bytes
-~~ total allocations/frees...: 122488/122488
+~~ total memory allocated....: 6440531 bytes
+~~ total memory freed........: 6440531 bytes
+~~ total allocations/frees...: 122595/122595
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
-~~ json string max len.......: 955 chars
-~~ json string avg len.......: 716 chars
+~~ json string max len.......: 961 chars
+~~ json string avg len.......: 724 chars
diff --git a/test/results/pim.pcap.out b/test/results/pim.pcap.out
index 3ccf12ec1..0f86d8b36 100644
--- a/test/results/pim.pcap.out
+++ b/test/results/pim.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412008 bytes
-~~ total memory freed........: 6412008 bytes
-~~ total allocations/frees...: 122445/122445
+~~ total memory allocated....: 6416913 bytes
+~~ total memory freed........: 6416913 bytes
+~~ total allocations/frees...: 122455/122455
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 915 chars
diff --git a/test/results/pinterest.pcap.out b/test/results/pinterest.pcap.out
index e1f1d3880..b264aa6c4 100644
--- a/test/results/pinterest.pcap.out
+++ b/test/results/pinterest.pcap.out
@@ -17,302 +17,301 @@
 03075{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713802981,"flow_dst_last_pkt_time":1605289713803139,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289713803139,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.pinterest.fr","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
 01963{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":36,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713845515,"flow_dst_last_pkt_time":1605289714059633,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":8219,"midstream":0,"thread_ts_usec":1605289714059633,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":13485.0,"max":172415,"stddev":32478.6,"var":1054859584.0,"ent":2.7,"data": [17629,17683,505,39969,1745,1,2,41182,41,13,234,2,0,175,23,26,7012,281,424,41621,1,1,33877,492,1,473,243,41960,172415,2,1]},"pktlen": {"min":72,"avg":364.1,"max":1120,"stddev":421.4,"var":177613.6,"ent":4.2,"data": [80,80,72,589,72,1120,1120,1120,72,72,72,1120,1120,154,72,72,72,165,171,437,72,72,330,72,138,72,72,110,72,1120,1120,549]},"bins": {"c_to_s": [10,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1],"entropies": [4.847575665,5.229952335,5.179864883,4.532552719,5.045369625,6.786690235,4.454385281,6.617737293,5.179864883,5.207642555,5.263197899,7.131698132,7.585322857,6.331103802,5.207642555,5.150118828,5.137001514,6.091404438,6.368394852,7.380807877,5.073147297,5.045369625,7.067039967,5.263197899,6.187361240,5.128702641,5.207642555,5.611329079,5.128702641,7.815224648,7.838888168,7.557251453]}}
 03078{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":36,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713845515,"flow_dst_last_pkt_time":1605289714059633,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":8219,"midstream":0,"thread_ts_usec":1605289714059633,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.pinterest.fr","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
-00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714142423,"flow_dst_last_pkt_time":1605289714142423,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142423,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142423,"flow_dst_last_pkt_time":1605289714142423,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142423,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R0AAAAAoAL9IJUzAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
-00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714142533,"flow_dst_last_pkt_time":1605289714142533,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142533,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142533,"flow_dst_last_pkt_time":1605289714142533,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142533,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMAAAAAAoAL9INluAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
-00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714142600,"flow_dst_last_pkt_time":1605289714142600,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142600,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142600,"flow_dst_last_pkt_time":1605289714142600,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142600,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoQAAAAAoAL9IDStAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
-00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714142665,"flow_dst_last_pkt_time":1605289714142665,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142665,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142665,"flow_dst_last_pkt_time":1605289714142665,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142665,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGkAAAAAoAL9INWDAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
-00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714142728,"flow_dst_last_pkt_time":1605289714142728,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142728,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142728,"flow_dst_last_pkt_time":1605289714142728,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142728,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2UAAAAAoAL9IGEKAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
-00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714142790,"flow_dst_last_pkt_time":1605289714142790,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142790,"flow_dst_last_pkt_time":1605289714142790,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142790,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsQAAAAAoAL9IJVNAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142423,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714171633,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2OUKdUeoBJXgLJJAAACBAV4AQMDAwQCCArCuSHy1mIgAw=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714171727,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714171727,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBAB+zY+AAABAQgK1mIgIMK5IfI="}
-01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714172188,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBgB+45nAAABAQgK1mIgIcK5IfIWAwECAAEAAfwDA8cIoCYavuvJ3cclYGmTzcO5vcPxdaWmTmcHbVFGmXkWIAQE24FGTaHp\/I8\/xYwpdYoJEv3RN4\/3JwS5BNqVh3JRACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACDSU2T4PnFCVulVq04gCrqMt7ropfQriFF56F3nM1YPWAAtAAIBAQArAAsKSkoDBAMDAwIDAQAbAAMCAAJaWgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714172188,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142665,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714180048,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe34hzBqoBJXgFKZAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714180086,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714180086,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBAB+9aEAAABAQgK1mIgKcK5Ifs="}
-01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714180489,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714180489,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBgB+6ckAAABAQgK1mIgKcK5IfsWAwECAAEAAfwDA3otstUONYxJRqel+gxt59VketaZiqmW7lVOabrnGXmhICqghU9krTVUXocj19UIfg+9UNudtwL7W30g9XqDFIVFACCKihMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAImpoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmamgABAAAdACAhW4o44F4ndRfnSItF1Arhn7vovTMKfZIOdsBS0bZaIwAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAI6OgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714180489,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714180489,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142600,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714181434,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXbDRQaFoBJXgAyCAAACBAV4AQMDAwQCCArCuSH61mIgAw=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142533,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714181435,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTOMV4SazBoBJXgEidAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142790,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714181435,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqgAoyXzbFoBJXgIWfAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142728,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714181436,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWeOms5zmKAxNmoBJXgFEqAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714181455,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714181455,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoWjvEV3gBAB+5BsAAABAQgK1mIgKsK5Ifo="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714181468,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714181468,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMEZEzjGgBAB+8yHAAABAQgK1mIgKsK5Ifs="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714181475,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714181475,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBAB+wmKAAABAQgK1mIgKsK5Ifs="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714181483,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714181483,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBAB+9UUAAABAQgK1mIgKsK5Ifs="}
-01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714181782,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714181782,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoWjvEV3gBgB+wk+AAABAQgK1mIgKsK5IfoWAwECAAEAAfwDA8fZsDKFAYPeeYF9BoVFeH6xWP7zl+Qbpemo8n8iOkAJIO+2XqB5SswaLECoDV+oBWri05ofip0ijOA3Db6nod5MACDq6hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACDQ8L+t6qDH4DBUOVwSU+oBURitYqBDp2YLq+UXdAtSdwAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAALq6gABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714181782,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714181782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714182061,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714182061,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMEZEzjGgBgB++OVAAABAQgK1mIgKsK5IfsWAwECAAEAAfwDA92mJPo2aL01mOdVhpY2BeYgOuE8GqohhTbswcdXCK82ICwgtJPAcd3QemZipmKndqHXDNRTDLrVR4Gjwi9JNFNLACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACBzyp4wXupLNzvb8sABuM2lxM\/IuPo3b96Pd8Zx+nF3SgAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAJaWgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714182061,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182061,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714182319,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714182319,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBgB+9eLAAABAQgK1mIgK8K5IfsWAwECAAEAAfwDAzRBzSt6OfaWQuGfefwEMKTHqbevEWh0CtAfd3bhvh5GIAWkfBE0ckrIGB0\/YhPYbfnnDbuNbUef6uRX74GQi5ybACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOamgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAIKioAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACD9g60FSOGoRydwCiPj9EEgHFxpxy17H17r2OahSqgiPgAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAJKSgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714182319,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182319,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714182602,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714182602,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBgB+wr6AAABAQgK1mIgK8K5IfsWAwECAAEAAfwDA9ume65XMp2HeShH2kftPGfOVTrng6jVc48Y4obdoCMSICqZyhTW3xviLmKFiyEIbl\/Ph6q3MEMRNQtGI6WLlCCWACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACCGaJJ6CznJgq2rWAQeyxX31Vt1ETNV3hVi2p78QO1VKwAtAAIBAQArAAsK6uoDBAMDAwIDAQAbAAMCAAKqqgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714182602,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182602,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714202238,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714202238,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2SUKdcjgBALMCrlAAABAQgKwrkiENZiICE="}
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714204384,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714204384,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-03070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714204387,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714204387,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714180489,"flow_dst_last_pkt_time":1605289714211103,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714211103,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe74hzJvgBALMMstAAABAQgKwrkiGNZiICk="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714181782,"flow_dst_last_pkt_time":1605289714211558,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714211558,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXfDRQiKgBALMIUUAAABAQgKwrkiGNZiICo="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714212167,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714212167,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrsYZEzjGgBEB+8piAAABAQgK1mIgScK5Ifs="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714212373,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714212373,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDFWvprOc6gBEB+9LvAAABAQgK1mIgScK5Ifs="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714212431,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714212431,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfOMpQqoALgBEB+wdlAAABAQgK1mIgScK5Ifs="}
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":127,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714212316,"flow_dst_last_pkt_time":1605289714229512,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229512,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-03070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714212316,"flow_dst_last_pkt_time":1605289714229515,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714229515,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714212253,"flow_dst_last_pkt_time":1605289714229787,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229787,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714212431,"flow_dst_last_pkt_time":1605289714229788,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229788,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-03070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714212431,"flow_dst_last_pkt_time":1605289714229790,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714229790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714212167,"flow_dst_last_pkt_time":1605289714229995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229995,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-03070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714230062,"flow_dst_last_pkt_time":1605289714230365,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
-03070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714230027,"flow_dst_last_pkt_time":1605289714230365,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714212373,"flow_dst_last_pkt_time":1605289714230366,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714230366,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-03070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":154,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714212373,"flow_dst_last_pkt_time":1605289714230369,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230369,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
-00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714250965,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714250965,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289714250965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714250965,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714250965,"pkt":"qtsDr8lk5EKm5WPyht1gA+BkACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYQBu4mXWd7qkQRvgBAJlouHAAABAQgKz6oyaMK4cmQ="}
-00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714250997,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714250997,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289714250997,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714250997,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714250997,"pkt":"qtsDr8lk5EKm5WPyht1gCIReACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC5WYBu2PBi7kDA7Y3gBAB9bhLAAABAQgKDEf\/5cK4cls="}
-00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714251006,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714251006,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289714251006,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714251006,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714251006,"pkt":"qtsDr8lk5EKm5WPyht1gCQO3ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RPih0IBu\/o5BzSfc9\/MgBAB9chlAAABAQgK4ziLg8K4a4Y="}
-02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":193,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714260622,"flow_dst_last_pkt_time":1605289714260607,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":954,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":2837,"flow_dst_tot_l4_payload_len":7034,"midstream":0,"thread_ts_usec":1605289714260622,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7625.3,"max":53871,"stddev":14761.3,"var":217895472.0,"ent":3.0,"data": [29210,29304,461,30605,2146,1,1,1,32223,44,9,7,7205,255,2012,156,139,311,354,53871,1,222,1,43618,1326,1,0,1343,231,798,527]},"pktlen": {"min":72,"avg":381.0,"max":1460,"stddev":486.9,"var":237029.2,"ent":4.1,"data": [80,80,72,589,72,1460,1460,1460,1230,72,72,72,72,165,171,363,383,350,1026,328,72,72,72,330,72,138,72,72,72,110,1460,72]},"bins": {"c_to_s": [9,1,1,1,0,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,1,0,0,1,0],"entropies": [4.621765614,5.087494850,5.064152718,4.449456215,4.904376030,6.379762650,5.172341347,7.343800068,7.630727291,5.109223843,5.043183804,5.081446171,5.109223843,6.011801243,6.221057415,7.200978279,7.082930088,6.925302982,7.362153053,6.891495228,4.942638397,4.914860725,4.942638397,7.062083721,5.109223843,6.069666862,4.887083054,4.970416069,5.109223843,5.576783180,7.859548092,5.109223843]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714281312,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714281312,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBhOqRBG+Jl1nfgBAm9NLhAAABAQgKwrkiYM+oHbQ="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714288930,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714288930,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvlZgMDtjdjwYu6gBAMIRHEAAABAQgKwrkiZwxF7DU="}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714288932,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714288932,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAKzZE+IqAcsBIEmLB5kd7IUo3\/YpAbuHQp9z38z6OQc1gBALjSOBAAABAQgKwrkiaOM2b+4="}
-00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714558209,"flow_dst_last_pkt_time":1605289714558209,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714558209,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714558209,"flow_dst_last_pkt_time":1605289714558209,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714558209,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACgGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX0AAAAAoAL9IDgIAAACBAWgBAIICpXXZO8AAAAAAQMDBw=="}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714558209,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714581709,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpAnJzl+oBJXgPrGAAACBAV4AQMDAwQCCArCuSOMlddk7w=="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714581729,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714581729,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBAB+37BAAABAQgKlddlBsK5I4w="}
-01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714581951,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/AiUGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBgB++f0AAABAQgKlddlBsK5I4wWAwECAAEAAfwDA7PLbVBgOtGRFhhfXAbYAkw+iamYdzT9SXPsS7L7okIYINk7eET2yUrnprJJWKNt0no0P\/s4mMGITC6JI+53t7c2ACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAGQAXAAAUc2Vzc2lvbnMuYnVnc25hZy5jb20AFwAA\/wEAAQAACgAKAAj6+gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKfr6AAEAAB0AIEvxzjt0\/5GP3sZor6cdXi69M2D9HpE5Nb1aEh4mkXoQAC0AAgEBACsACwpaWgMEAwMDAgMBABsAAwIAAlpaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714581951,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714590794,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714590794,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714590794,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714590794,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGoAAAAAoAL9IGNfAAACBAWgBAIICskVTwYAAAAAAQMDBw=="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714613987,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714613987,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpEnJzuDgBALMHNnAAABAQgKwrkjrJXXZQY="}
-01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":505,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714615889,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714615889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714616815,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGX+6kRroBJXgA2NAAACBAV4AQMDAwQCCArCuSOwyRVPBg=="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714616828,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714616828,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBAB+5GEAAABAQgKyRVPIMK5I7A="}
-01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714617005,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBgB+6l5AAABAQgKyRVPIMK5I7AWAwECAAEAAfwDA\/Gk\/9Vg1\/Yj6dUUpOb5DX8WmaenXohw9y+Qd4DnqktzIAb2YuarrlKbgL6YLTJZPQe97f1AtvLN8fLaoxVIuyFiACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAjq6gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKerqAAEAAB0AIJML4p8NHh5Io\/9KcRl6BBOqQlWgp4uJ9mxBuu8Y\/4wPAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAlpaAAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714617005,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714651291,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714651291,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGb+6kZwgBALMIYoAAABAQgKwrkj0skVTyA="}
-00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714658043,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714658043,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714658043,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714658043,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSXwAAAAAoAL9ILsUAAACBAWgBAIICs+qM\/8AAAAAAQMDBw=="}
-01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714660765,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714660765,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714697878,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4c9qQ0l9oBJXgI0UAAACBAV4AQMDAwQCCArCuSQBz6oz\/w=="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714697936,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714697936,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBAB+xD+AAABAQgKz6o0J8K5JAE="}
-01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714698324,"pkt":"qtsDr8lk5EKm5WPyht1gCBesAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBgB++hnAAABAQgKz6o0KMK5JAEWAwECAAEAAfwDA9jVKfntEh25nXj1BFZE6ZFc6lyzI+CshbYOPn0Jce38IK9kDSD6\/4FSA\/aOBvpuajY1lLZq5tukFPFFFO\/eMmwPACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAGwAZAAAWYWNjb3VudHMucGludGVyZXN0LmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgyukN47oVi6AebwU11bCozo+bX5ZAWB5eRNnx4Nhm1GIALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgACamoAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714698324,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":573,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714712098,"flow_dst_last_pkt_time":1605289714737758,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1066,"flow_dst_tot_l4_payload_len":4645,"midstream":0,"thread_ts_usec":1605289714737758,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8653.8,"max":43788,"stddev":13864.0,"var":192210288.0,"ent":3.4,"data": [26021,26034,177,34476,9474,0,43788,3,51,24,2375,110,130,39176,1,238,310,37117,263,3095,2873,7183,1,0,7144,49,3,681,625,589,26257]},"pktlen": {"min":72,"avg":251.0,"max":1280,"stddev":327.8,"var":107441.1,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,289,72,136,164,395,72,72,72,652,72,103,103,72,493,818,267,72,72,72,111,72,111,72]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,0,0,0,1,0,0,1],"entropies": [4.845952034,5.276737213,5.243131161,4.473354340,5.090543747,7.802321434,7.843567848,5.288201809,5.260424137,7.108726978,5.260424137,6.180178165,6.552865028,7.368058681,5.107836723,5.135614395,5.097352028,7.652834892,5.232646942,5.827667713,5.769781590,5.232646942,7.502712727,7.757375717,7.029527187,5.232646465,5.260424137,5.288201809,5.925748348,5.260424137,5.889372826,5.107836723]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714737758,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714737758,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4dBqQ0uCgBALMAWbAAABAQgKwrkkKc+qNCg="}
-01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":575,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714739608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605289714739608,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-03083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714739677,"flow_dst_last_pkt_time":1605289714740234,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289714740234,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
-00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714782619,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714782619,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714782619,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714782619,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqIAAAAAoAL9IEOtAAACBAWgBAIICnRgZN4AAAAAAQMDBw=="}
-02145{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":639,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714795031,"flow_dst_last_pkt_time":1605289714793606,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1778,"flow_dst_tot_l4_payload_len":5802,"midstream":0,"thread_ts_usec":1605289714795031,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15232.9,"max":132689,"stddev":29577.9,"var":874849472.0,"ent":3.1,"data": [23500,23520,222,32278,1902,1,0,33966,35,25,324,0,242,8,1731,75,102,35078,5741,3731,0,1,42641,14,135,39228,93613,132689,1225,118,74]},"pktlen": {"min":72,"avg":309.4,"max":1280,"stddev":401.1,"var":160869.7,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571]},"bins": {"c_to_s": [11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0],"entropies": [4.656593323,5.123788357,5.017778397,4.494572163,4.850525856,7.806178570,7.820445061,7.825618267,4.990000248,4.985159874,5.017777920,7.793226242,6.582598209,5.045556068,5.045556068,6.051473618,6.341272354,7.424715996,4.850525856,4.812263489,7.613498688,5.540113449,4.850525856,5.073333740,5.073333740,5.737332821,4.822747707,7.185048103,5.017778397,5.884420395,6.843392372,7.591670513]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714832909,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFrOS7qjoBJXgB0bAAACBAV4AQMDAwQCCArCuSSHdGBk3g=="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714832956,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714832956,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBAB+6D6AAABAQgKdGBlEMK5JIc="}
-01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714833176,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBgB+9wiAAABAQgKdGBlEcK5JIcWAwECAAEAAfwDA\/Ezw4mbUrI42jPHW\/R2JVq8HiENkzAbEci0fYqAxMkBIKC\/V9JydIygOtZAUS0JoPRGfzSMLpt5E5aZDM7pIRYPACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGAAWAAATaW1hZ2VzLnVuc3BsYXNoLmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgXafHcjSuu0lDRwVYnybRA+hptEDEqNkxm07M0aaWohAALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACGhoAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714833176,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"images.unsplash.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714864628,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714864628,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFvOS7yogBALMJWfAAABAQgKwrkkp3RgZRE="}
-01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714867730,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714867730,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"images.unsplash.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-03501{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":876,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714868409,"flow_dst_last_pkt_time":1605289714869584,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5552,"midstream":0,"thread_ts_usec":1605289714869584,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"images.unsplash.com","tls": {"version":"TLSv1.2","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}}}
-01969{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":889,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714873020,"flow_dst_last_pkt_time":1605289714873010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":6264,"midstream":0,"thread_ts_usec":1605289714873020,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":13869.2,"max":89623,"stddev":22425.8,"var":502918720.0,"ent":3.3,"data": [39835,39893,388,39880,1850,1,41296,35,60,0,18,4,565,0,563,29,2922,2605,564,39805,119,1086,1924,0,36819,15,203,49740,40102,0,89623]},"pktlen": {"min":72,"avg":300.8,"max":1120,"stddev":374.8,"var":140490.0,"ent":4.1,"data": [80,80,72,589,72,1120,1120,72,72,1120,1120,72,72,1120,154,72,72,165,171,368,72,72,72,330,138,72,72,110,72,516,246,72]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,2,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0],"entropies": [4.759509563,5.142373085,5.117740154,4.564804554,4.953123093,6.789499283,4.442035198,5.175263882,5.103079796,6.610801220,7.126421452,5.203041553,5.203041553,7.603042603,6.151700974,5.175263882,5.175263882,6.101224422,6.300935745,7.262635231,4.980900764,5.036456108,4.980900764,7.043718815,6.196548939,5.175263882,5.175263882,5.631328106,5.036456108,7.479037762,6.852047443,5.230819225]}}
-03086{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":889,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714873020,"flow_dst_last_pkt_time":1605289714873010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":6264,"midstream":0,"thread_ts_usec":1605289714873020,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
-01960{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1116,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714902517,"flow_dst_last_pkt_time":1605289714903070,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":12561,"midstream":0,"thread_ts_usec":1605289714903070,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7753.2,"max":50337,"stddev":15382.7,"var":236626480.0,"ent":2.9,"data": [50290,50337,220,31719,3102,0,34561,13,675,659,1179,1,1182,11,2643,116,155,32346,0,0,0,1,29460,6,548,1,0,514,15,6,589]},"pktlen": {"min":72,"avg":498.7,"max":1460,"stddev":595.9,"var":355070.7,"ent":4.0,"data": [80,80,72,589,72,1460,1460,72,72,1460,72,1460,1205,72,72,165,171,440,72,72,72,330,138,72,72,1460,1460,1460,72,72,72,1460]},"bins": {"c_to_s": [12,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0,0,0,1],"entropies": [4.703702927,5.136080265,5.124309540,4.545345783,5.017591953,6.717867374,4.853471756,5.096531868,5.124309540,7.395221710,5.124309540,7.321218014,7.643990993,5.124309540,5.152087212,5.949683189,6.333797455,7.364598274,5.017591953,5.017591953,4.989814281,7.067564487,6.163845539,5.152087212,5.124309540,7.852941513,7.865815639,7.871354580,5.096531868,5.124309540,5.053668499,7.834792614]}}
-03506{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1116,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714902517,"flow_dst_last_pkt_time":1605289714903070,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":12561,"midstream":0,"thread_ts_usec":1605289714903070,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"images.unsplash.com","tls": {"version":"TLSv1.2","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}}}
-00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715133578,"flow_dst_last_pkt_time":1605289715133578,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715133578,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715133578,"flow_dst_last_pkt_time":1605289715133578,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715133578,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfcAAAAAoAL9IJHxAAACBAWgBAIICjiITggAAAAAAQMDBw=="}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715133578,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715210396,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV7hz5n4oBJXgLSTAAACBAV4AQMDAwQCCArCuSXYOIhOCA=="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2781,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715210445,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715210445,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBAB+zhYAAABAQgKOIhOVcK5Jdg="}
-01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2792,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715212290,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBgB+6OKAAABAQgKOIhOV8K5JdgWAwECAAEAAfwDAyko5RIhdw7iSMvL+JxYqZMyWbwdT4mua+Aq4PLn7o6AIHiamGncKVvaC4Qe+Wkd02CeOTDRVPAoUdvjHzZzHWAnACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOKigAAAAAAFAASAAAPd3d3LmdzdGF0aWMuY29tABcAAP8BAAEAAAoACgAIWloAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClaWgABAAAdACCRstqE9fnS4cN2o44Xylwq4VObB7JF4wgnATR+54QtdwAtAAIBAQArAAsKuroDBAMDAwIDAQAbAAMCAAL6+gABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2792,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715212290,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715221747,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715221747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715221747,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715221747,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0CzwAAAAAoAL9ILgWAAACBAWgBAIICnB0noAAAAAAAQMDBw=="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3283,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715257682,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715257682,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV\/hz5v9gBALMCzUAAABAQgKwrkmIDiITlc="}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3385,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715273354,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSe29As9oBJXgJmfAAACBAV4AQMDAwQCCArCuSYncHSegA=="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3387,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715273482,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715273482,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBAB+x19AAABAQgKcHSetMK5Jic="}
-01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3394,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715274121,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBgB+5ZOAAABAQgKcHSetcK5JicWAwECAAEAAfwDA\/Wo9zH9kIsC3p0+x0Ogp3CBXjA+aSeyGzEE6vb9ZTk9IJABGD2ndVeTf+odvyDjSMzv7BNGBBHaaAJBgxYc9sAYACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAFAASAAAPYXBpcy5nb29nbGUuY29tABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACB2WXZxKMS9tF781JcLrIeE0V3s7s7Xei6L\/wVkpPzjGAAtAAIBAQArAAsK+voDBAMDAwIDAQAbAAMCAALq6gABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3394,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715274121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715274358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715274358,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715274358,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715274358,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIYAAAAAoAL9IIqeAAACBAWgBAIICrhM3AoAAAAAAQMDBw=="}
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3513,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715287643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715287643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3659,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715301345,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi5yubyHoBJXgCqsAAACBAV4AQMDAwQCCArCuSZZuEzcCg=="}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3660,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715301345,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSi29A1CgBALMBIOAAABAQgKwrkmW3B0nrU="}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3662,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715301435,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715301435,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBAB+66iAAABAQgKuEzcJcK5Jlk="}
-01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3667,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715301671,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuAiUGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBgB+0gHAAABAQgKuEzcJcK5JlkWAwECAAEAAfwDA5gekqpKhlC2ipL2zI8L5\/kv3e0nxnbXEmgavka1LHWVIBeXyfu8UN0TfZ\/W27lJZzaKDZAJHcd7oBhNLgsTwfr\/ACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAGQAXAAAUY29ubmVjdC5mYWNlYm9vay5uZXQAFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIGc+3YDJXOpck3uyogqFw1bonkkYAWZ3xkO5tRdYSBRhAC0AAgEBACsACwoaGgMEAwMDAgMBABsAAwIAAurqAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3667,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715301671,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3797,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715321807,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715321807,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3818,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715333683,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715333683,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi9yub6MgBALMKNIAAABAQgKwrkmebhM3CU="}
-01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3820,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715333684,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289715333684,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3889,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715335705,"flow_dst_last_pkt_time":1605289715335669,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":9735,"midstream":0,"thread_ts_usec":1605289715335705,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":13039.3,"max":76867,"stddev":25126.2,"var":631323968.0,"ent":2.8,"data": [76818,76867,1845,47286,29961,0,0,75361,6,2,2110,577,1618,47934,0,0,88,0,1,0,1,1,1,0,43713,12,4,2,3,3,4]},"pktlen": {"min":72,"avg":407.6,"max":1280,"stddev":486.0,"var":236213.0,"ent":4.1,"data": [80,80,72,589,72,1280,1280,342,72,72,72,136,164,386,72,72,72,652,103,470,1280,1280,1280,1280,1280,72,72,72,72,72,72,72]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0],"entropies": [4.791396141,5.261173248,5.175122738,4.488063812,5.118321419,7.805737019,7.818699837,7.306349754,5.164638519,5.175123215,5.175123215,6.012620926,6.475091934,7.352373600,5.107836723,5.135614395,5.163392067,7.573746204,5.684781551,7.517905235,7.836332798,7.835289955,7.831481934,7.851193428,7.838675499,5.164638519,5.126376152,5.230678558,5.185607433,5.230678558,5.175123215,5.230678558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02167{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":4871,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715430506,"flow_dst_last_pkt_time":1605289715430565,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":10223,"midstream":0,"thread_ts_usec":1605289715430565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":13470.2,"max":79486,"stddev":22212.4,"var":493390560.0,"ent":3.3,"data": [51607,51735,639,27991,20462,0,1,47699,14,8,3349,184,136,69956,1,28,13172,79486,329,8681,8388,16746,3,2,2,16717,40,14,21,164,2]},"pktlen": {"min":72,"avg":422.1,"max":1280,"stddev":496.1,"var":246097.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,312,72,72,72,136,164,333,72,72,72,652,72,103,103,72,988,1280,1280,1280,72,72,72,72,1280,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,1,0,0,0,0,1,1],"entropies": [4.905388832,5.201737404,5.194384098,4.447809696,5.069574356,7.796703339,7.816472054,7.245393753,5.222161770,5.194384098,5.194384098,6.221469402,6.666475773,7.225831985,5.059089661,5.086867332,5.097352028,7.629415512,5.222161770,5.833802700,5.730946064,5.211677074,7.792719841,7.812408924,7.862325191,7.810635090,5.211677074,5.249939442,5.222161770,5.222161770,7.816607952,7.836236000]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":5465,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715471680,"flow_dst_last_pkt_time":1605289715427326,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":5004,"midstream":0,"thread_ts_usec":1605289715471680,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11299.7,"max":93180,"stddev":21751.5,"var":473125984.0,"ent":3.0,"data": [26987,27077,236,32338,1,0,32042,17,3873,399,116,64739,93180,2,1,290,2,3,2,24343,46,12,9,157,3,2,82,23,41,4388,39879]},"pktlen": {"min":72,"avg":271.0,"max":1452,"stddev":368.4,"var":135732.3,"ent":4.1,"data": [80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199]},"bins": {"c_to_s": [12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0],"entropies": [5.086080074,5.358260632,5.421088219,4.582517624,5.325077534,7.824724197,7.800261974,5.487128258,5.459350586,6.217577457,6.494597435,7.339631081,7.344889641,5.269522190,5.231259823,5.286815166,7.021345615,6.361854553,5.947217464,7.648275852,5.393310547,5.421088219,5.393310547,5.448865891,7.531715393,7.878327370,6.086453915,5.448865891,5.421088219,5.365532398,5.884278774,6.731818199]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715782853,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715782853,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715782853,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715782853,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWoAAAAAoAL9IBbyAAACBAWgBAIICmcfa8wAAAAAAQMDBw=="}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6878,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715833903,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+EJkW7VroBJXgNkoAAACBAV4AQMDAwQCCArCuShfZx9rzA=="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6886,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715833970,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715833970,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBAB+10HAAABAQgKZx9r\/8K5KF8="}
-01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6914,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715834672,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEAiUGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBgB+\/QzAAABAQgKZx9sAMK5KF8WAwECAAEAAfwDA15ScC6cz0Mm40ZOuOfJU9tsVGcffyVHK66YSdKRGbaAIPaARvdX8cCHMx9rMsZJhiJlEhn0QL88TbX34lqqt\/OKACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgpYv7qRG6do7VtNy5242ZZbX6mD8VP8lQEUUuZeSYdj0ALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACCgoAAQAAFQDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6914,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715834672,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289715966342,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715966342,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289715966342,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715966342,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B4AAAAAoAL9IFQFAAACBAWgBAIICqkvSd0AAAAAAQMDBw=="}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8856,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289716018193,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716018193,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+ENkW7dwgBALMFGYAAABAQgKwrkok2cfbAA="}
-01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8857,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289716018194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289716018194,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8901,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289716021823,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HT9v4ewfoBJXgOHBAAACBAV4AQMDAwQCCArCuSkJqS9J3Q=="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8902,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1605289716021899,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716021899,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBAB+2WcAAABAQgKqS9KFMK5KQk="}
-01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8903,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289716024503,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBgB+960AAABAQgKqS9KF8K5KQkWAwECAAEAAfwDAz7PSjjgfHJf+nCfn3DPMxydUwVUjvYQFiNHK08caRmgIChBHphlkCrDONZuzjKATga3CNpgPdLG1nC8FJaIcfu7ACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAJAAiAAAfY29udGVudC1hdXRvZmlsbC5nb29nbGVhcGlzLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgphW3bcEnLefm+sIpksFu2OouFtq8r6bigf0SizCebCQALQACAQEAKwALCpqaAwQDAwMCAwEAGwADAgACCgoAAQAAFQC9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8903,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289716024503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8917,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716066903,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716066903,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HUBv4e4kgBALMFoOAAABAQgKwrkpWqkvShc="}
-01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8994,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716084706,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289716084706,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289716168715,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":3285032704,"pkt_caplen":244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":244,"pkt_l4_len":190,"thread_ts_usec":1605289716168715,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AL4GQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lam\/a\/4e68gBgE1TyJAAABAQgKZPSVcMK4jAQXAwMAmbA2YtBqXOwsPZhf0xplQUhs5uebiQ6HrXX0rQcB3CzDNqt6KEFEtOrnLbiyKoAl0\/PfpLU5lSyfN4b6GWAPMuxRzKK1mYHeU6cm19ssJsGj28uoKpDNJuLbc68jHie5jcE8\/swMHjb\/rsshDlUuBkbS0PBg+fBq\/uDg8aBU7dQCoscpqfDhz7OaLw8PBcid6Woaoneonk0XRQ=="}
-00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289716168715,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9523,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":3285032704,"pkt_caplen":209,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":209,"pkt_l4_len":155,"thread_ts_usec":1605289716168917,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AJsGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lanJS\/4e68gBgE1YEBAAABAQgKZPSVcMK4jAQXAwMAT0+KQ56NjlMHGW+d6G5ddduewRHnDyQJNOhFGSBeS16m4KVAja7XHlyuQrxKoq24Sn8bLVvUYgiRl0ogV926yAF+\/eBnK0DefdFCPgWpP6kXAwMAIh\/Eke2gVwnwKuWIWa9HbFAoJdRk5f1TigycRztSwvhmbFo="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9663,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716192184,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716192184,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWpyUgBALf8h0AAABAQgKwrkp2GT0lXA="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9666,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716192344,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716192344,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWp0PgBALj8fpAAABAQgKwrkp2GT0lXA="}
-00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9717,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716197451,"flow_idle_time":3285032704,"pkt_caplen":277,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":277,"pkt_l4_len":223,"thread_ts_usec":1605289716197451,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAN8GPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWp0PgBgLjwvfAAABAQgKwrkp2WT0lXAXAwMAuvbpCprhIHZOm+s71xjln8W5wRXAEZMMYHzFfgrc8Qz4ihOFNdXXrcK7V3sZoCmBJ+9UP9pq7hG1hJyCeP+MFNZTxO2gaK55QvARJT791YHr2a9N\/48L6BIqY0g9tYfn4yZI8zlroZ226D4je2OGOYeBFXAt\/SWtduBHYRboL2SojJhXdPVjX\/gNGYSfvf2cQ4Gmy4NkAXucZYn6wYVA\/ALz1WSrztJHvD8qTVY2ZZ3gbVGKtvonmOvlwA=="}
-02131{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":9768,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716199465,"flow_dst_last_pkt_time":1605289716199511,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":21058,"midstream":1,"thread_ts_usec":1605289716199511,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1985.4,"max":28590,"stddev":6415.7,"var":41161208.0,"ent":1.8,"data": [202,23469,160,5107,2,28590,251,1,1,2,214,4,31,0,19,391,1,0,1,397,8,1304,0,0,1,0,1316,72,1,1,0]},"pktlen": {"min":72,"avg":738.8,"max":1280,"stddev":578.2,"var":334348.7,"ent":4.5,"data": [230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280]},"bins": {"c_to_s": [7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1],"entropies": [6.948834896,6.675073147,5.125129700,5.125129700,6.977108479,7.855700493,5.182512760,7.824506283,7.846910477,7.827116013,7.838431835,5.116472721,5.137442112,7.839233875,7.849976540,5.154735088,7.852743149,7.835449219,7.826992035,7.859686375,5.182512760,5.182512760,7.806921482,7.824195862,6.883517742,5.810838699,6.706934929,5.109664440,7.833899021,7.836830139,7.838667870,7.830160618]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717548570,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289717548570,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717548570,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289717548570,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD4AAAAAoAL9ID+FAAACBAWgBAIICjGG9eUAAAAAAQMDBw=="}
-00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14613,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289717572004,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75juz2g\/oBJXgHfiAAACBAV4AQMDAwQCCArCuS86MYb15Q=="}
-00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14614,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1605289717572182,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289717572182,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBAB+\/vbAAABAQgKMYb1\/cK5Lzo="}
-01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14615,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289717572787,"pkt":"qtsDr8lk5EKm5WPyht1gD67DAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBgB+0DvAAABAQgKMYb1\/cK5LzoWAwECAAEAAfwDA800cC9OVh30oKukmv7TjuGOfIQsAXjOcIds0bgi09HFIBoSrrmErFO1TCZKJVvIhS6wQO5Ret2I7u3t0EJASsOHACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACHp6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApenoAAQAAHQAg3SQzsRLwlL1ZHWLzcJyUxb7R5EthsHkv9Gz6Dx5HIhsALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgACysoAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14615,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289717572787,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14616,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717599829,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289717599829,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75nuz2pEgBALMPCFAAABAQgKwrkvVjGG9f0="}
-01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14617,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717605090,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289717605090,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02191{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":14635,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289717653626,"flow_dst_last_pkt_time":1605289716195463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1605289717653626,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":61819.5,"max":1485939,"stddev":260701.6,"var":67965321216.0,"ent":1.6,"data": [55481,55557,2604,45080,17803,15,60231,16,286,275,9398,2484,606,42880,0,228,1,30633,193,14864,14650,23014,0,23014,8,85,0,70,1606,29384,1485939]},"pktlen": {"min":72,"avg":238.1,"max":1280,"stddev":317.7,"var":100919.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237]},"bins": {"c_to_s": [11,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,0],"entropies": [4.830388546,5.236173153,5.083273411,4.664566517,5.024503708,7.801916599,7.849427700,5.232646465,5.204868793,7.603487968,5.204868793,6.090775967,6.470489025,7.520395279,5.107836723,5.107836723,5.080059052,7.600295067,5.194384098,5.756132126,5.672693253,5.166606426,7.483500957,6.249640465,5.177091122,5.204868793,5.886195660,5.135614395,5.204868793,5.955920696,5.135614395,6.860337257]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":14645,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717681759,"flow_dst_last_pkt_time":1605289717681662,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":10121,"midstream":0,"thread_ts_usec":1605289717681759,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8589.7,"max":42968,"stddev":12964.6,"var":168080032.0,"ent":3.5,"data": [23434,23612,605,27825,5261,2,0,32335,48,7,3191,171,159,42968,880,1,157,40413,894,3393,2534,21369,1,21337,22,7799,1,0,1,7829,32]},"pktlen": {"min":72,"avg":418.8,"max":1280,"stddev":492.4,"var":242485.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,322,72,72,72,136,164,327,72,72,72,652,72,103,103,72,876,1280,72,72,1280,1280,1280,1280,72,72]},"bins": {"c_to_s": [12,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0],"entropies": [4.905389309,5.361174107,5.232646465,4.557852268,5.107836723,7.817549706,7.840916157,7.180346489,5.232646465,5.260424137,5.260424137,6.185771942,6.393667221,7.196280479,5.107836723,5.107836723,5.107836723,7.630718231,5.204868793,5.782878876,5.796528339,5.222161770,7.750598431,7.833017826,5.260424137,5.260424137,7.845281124,7.848848343,7.857541561,7.841633797,5.194384098,5.232646465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02203{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":14705,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289717682629,"flow_dst_last_pkt_time":1605289717754541,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":1620,"flow_dst_tot_l4_payload_len":4362,"midstream":0,"thread_ts_usec":1605289717754541,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":124885.9,"max":1522186,"stddev":365675.9,"var":133718884352.0,"ent":2.3,"data": [51050,51117,702,184290,1,0,183671,66,7538,8559,3870,48706,3,10603,0,1,1,39192,55,6,1700,5826,4025,34675,42375,77042,1489773,1522186,1,32460,71970]},"pktlen": {"min":72,"avg":259.4,"max":1452,"stddev":363.6,"var":132225.8,"ent":4.1,"data": [80,80,72,589,72,1452,980,72,72,136,164,442,72,72,72,243,152,103,72,72,72,103,107,72,72,492,72,618,72,107,72,1374]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,1,0,1],"entropies": [5.147778988,5.386569977,5.363564491,4.530324936,5.275225163,7.856009483,7.774714947,5.419119835,5.348239422,6.266700268,6.486256123,7.484294891,5.260424137,5.260424137,5.232646465,6.926154137,6.485898972,5.898414135,5.275390625,5.325302124,5.275390625,5.898528576,5.995410442,5.391342163,5.286815166,7.551696301,5.363564491,7.633099079,5.342370510,6.001532078,5.391342163,7.830712318]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718346936,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289718346936,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718346936,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718346936,"pkt":"qtsDr8lk5EKm5WPyht1gDn7LACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3mwBu1MbKQQ2nwhTgBBf5ZGnAAABAQgKdGByysK4e5A="}
-00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14834,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289718347032,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718347032,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289718347032,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14834,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718347032,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718347032,"pkt":"qtsDr8lk5EKm5WPyht1gAqmhACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyRABu5dQgwPxqZaUgBAHqUTfAAABAQgKOIhalcK4e5A="}
-00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14835,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289718347050,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718347050,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289718347050,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14835,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718347050,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718347050,"pkt":"qtsDr8lk5EKm5WPyht1gA2s5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1CQBu69kJZnLb6S2gBAFvhEdAAABAQgKcHSqtcK4e5A="}
-00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14836,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718347065,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289718347065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14836,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718347065,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718347065,"pkt":"qtsDr8lk5EKm5WPyht1gAtTRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACAK3yoBu80FVZetwjn1gBAB9Q24AAABAQgKVxL7HMK4e4A="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14837,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718372054,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718372054,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbvebDafCFNTGykFgBALfUzsAAABAQgKwrkyWnReVSQ="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14838,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718378827,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvfKq3COfXNBVWYgBALvWWfAAABAQgKwrkyYVcQ4ow="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14839,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718378828,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJEPGplpSXUIMEgBALh6bdAAABAQgKwrkyYTiGPeg="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14840,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718378828,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUJMtvpLavZCWagBAL1W6tAAABAQgKwrkyYnBykDw="}
-00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14887,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289720502835,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720502835,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289720502835,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14887,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720502835,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289720502835,"pkt":"qtsDr8lk5EKm5WPyht1gDE+lACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgIBuwZ3AS1n9K5wgBAD7qJGAAABAQgK1mI428K4iuQ="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14888,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720592524,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289720592524,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWAmf0rnAGdwEugBAMdPzqAAABAQgKwrk63tZgJbc="}
-00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14889,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722442860,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289722442860,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14889,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722442860,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289722442860,"pkt":"qtsDr8lk5EKm5WPyht1gCa8jACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt0YBu4XaMRXguiMogBAB9ZuaAAABAQgKldeDu8K4iwE="}
-00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14890,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289722610839,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722610839,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289722610839,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14890,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722610839,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289722610839,"pkt":"qtsDr8lk5EKm5WPyht1gDvD\/ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgYBu\/ADYY+SLdnAgBBf+pZ\/AAABAQgK1mJBF8K4kuY="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14891,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289722621701,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3RuC6IyiF2jEWgBAM4PFAAAABAQgKwrlC85XVazg="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14892,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722642415,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289722642415,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWBpIt2cDwA2GQgBAQS035AAABAQgKwrlDCNZgKSs="}
-00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14986,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289726574867,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726574867,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289726574867,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14986,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726574867,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289726574867,"pkt":"qtsDr8lk5EKm5WPyht1gD7DqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyPYBuy7xct5PemhygBASWTvxAAABAQgKOIh6ucK4opo="}
-00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14987,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289726582828,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726582828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289726582828,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14987,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726582828,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289726582828,"pkt":"qtsDr8lk5EKm5WPyht1gBy5HACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKukIBu0Ah3sUn+OyVgBAB9Rf+AAABAQgKqS9zVcK4oqI="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14988,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726621964,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289726621964,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvI9k96aHIu8XLfgBAL06eYAAABAQgKwrlSlDiGZZ4="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14989,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726637788,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289726637788,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6Qif47JVAId7GgBALvHMdAAABAQgKwrlSpKktXm0="}
-00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14990,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289728586958,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728586958,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289728586958,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14990,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728586958,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289728586958,"pkt":"qtsDr8lk5EKm5WPyht1gDHlsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADvvoBu4vV8Grv31OMgBACdmBfAAABAQgK5dFc6cK4oqI="}
-00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14991,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289728586992,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728586992,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289728586992,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14991,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728586992,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289728586992,"pkt":"qtsDr8lk5EKm5WPyht1gCU2wACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnnABu1oBJQ4\/rrWNgBAQLrKDAAABAQgKyRWFssK4oqI="}
-00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14992,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728804207,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289728804207,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu++u\/fU4yL1fBrgBALkLtnAAABAQgKwrla3eXPQIw="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14993,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728804556,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289728804556,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbuecD+utY1aASUPgBAZXAuxAAABAQgKwrla48kTaxY="}
-00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15567,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289732959160,"flow_dst_last_pkt_time":1605289732959160,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289732959160,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15567,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1605289732959160,"flow_dst_last_pkt_time":1605289732959160,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289732959160,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7gAAAAAoAL9IOnRAAACBAWgBAIICtZiaYQAAAAAAQMDBw=="}
-00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15691,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289732972740,"flow_dst_last_pkt_time":1605289732972740,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289732972740,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15691,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1605289732972740,"flow_dst_last_pkt_time":1605289732972740,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289732972740,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HIoAAAAAoAL9IMybAAACBAWgBAIIClhuYDIAAAAAAQMDBw=="}
-00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15845,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1605289732959160,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733005669,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhojTae5oBJXgL46AAACBAV4AQMDAwQCCArCuWtz1mJphA=="}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15850,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1605289733005713,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733005713,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBAB+0IeAAABAQgK1mJpssK5a3M="}
-01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15854,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289733006105,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4AiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBgB+9rPAAABAQgK1mJps8K5a3MWAwECAAEAAfwDA+FylCmx+RqDY+2Dyo1rIa8zFwFxgekrVpZ57dzQTQpcIGR5x9GwiLhejRSyDSJCULhaEPuWcuSSd\/4qtnhsMGhMACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOKigAAAAAAGQAXAAAUYXNzZXRzLnBpbnRlcmVzdC5jb20AFwAA\/wEAAQAACgAKAAiKigAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKYqKAAEAAB0AIL6rS5lo+mbnIbk9M9oSvrL6u11X7ZgUutxoF0rBS5t\/AC0AAgEBACsACwpqagMEAwMDAgMBABsAAwIAApqaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15854,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733006105,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15960,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1605289732972740,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733019634,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99MLvByLoBJXgOQ\/AAACBAV4AQMDAwQCCArCuWuDWG5gMg=="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15964,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1605289733019649,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733019649,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBAB+2giAAABAQgKWG5gYcK5a4M="}
-01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15967,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289733019850,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBgB+1dmAAABAQgKWG5gYcK5a4MWAwECAAEAAfwDA\/e7AWI4IOqe24e3Dy8GtjgX\/HGd3ql+YvtlwSVKxHHMIG0UA7UP8cWM1+OIpoJabPxwYFuj3vVPyVClxgciYoq4ACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAHQAbAAAYd3d3Lmdvb2dsZS1hbmFseXRpY3MuY29tABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACB3ZVhMGdknHjr8mYsq4A0iDM3P9MVWSPmKERKJV0rOKQAtAAIBAQArAAsKuroDBAMDAwIDAQAbAAMCAAL6+gABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15967,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733019850,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16175,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733055452,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733055452,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhsjTam+gBALMDa6AAABAQgKwrlrnNZiabM="}
-01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733059043,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289733059043,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-03081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16230,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733059060,"flow_dst_last_pkt_time":1605289733060311,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733060311,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16374,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733131664,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733131664,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99QLvB6QgBALMFy2AAABAQgKwrlrtVhuYGE="}
-01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16506,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733177092,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289733177092,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02166{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":16731,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733216831,"flow_dst_last_pkt_time":1605289733216812,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":9927,"midstream":0,"thread_ts_usec":1605289733216831,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15747.2,"max":157269,"stddev":35268.1,"var":1243837184.0,"ent":2.7,"data": [46894,46909,201,112030,45428,0,2,157269,9,5,2935,270,2964,37660,1,0,1100,1,0,32562,12,3,631,955,1,0,0,308,7,3,3]},"pktlen": {"min":72,"avg":413.0,"max":1280,"stddev":486.7,"var":236885.8,"ent":4.1,"data": [80,80,72,589,72,1280,1280,549,72,72,72,136,164,337,72,72,72,652,486,1280,72,72,72,103,1280,1280,1280,1280,72,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0],"entropies": [4.855388165,5.286173344,5.149313450,4.600729942,5.080059052,7.797164440,7.832664490,7.507453918,5.138828754,5.081305504,5.166606903,6.092433929,6.575641632,7.259848118,5.043183804,5.097352505,5.052281380,7.626473904,7.461633682,7.832756042,5.149313450,5.132019997,5.083273411,5.775549889,7.833918095,7.851273537,7.839205742,7.857754707,5.121535778,5.177091122,5.111051083,5.177091122]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-01968{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":17210,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733287022,"flow_dst_last_pkt_time":1605289733341107,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":10308,"midstream":0,"thread_ts_usec":1605289733341107,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":22897.1,"max":135965,"stddev":39614.3,"var":1569289984.0,"ent":3.2,"data": [46509,46553,392,49783,3591,0,52945,10,1267,1,1272,3,2358,266,496,109019,0,0,1,0,1,105909,5,6,6499,35807,111148,135965,1,2,0]},"pktlen": {"min":72,"avg":430.6,"max":1460,"stddev":544.3,"var":296293.8,"ent":4.0,"data": [80,80,72,589,72,1460,1460,72,72,1460,1230,72,72,165,171,338,72,72,330,138,72,570,72,72,72,110,72,210,72,1460,1460,1460]},"bins": {"c_to_s": [9,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,1,1],"entropies": [4.684510231,5.128057957,5.091930866,4.525407314,4.980900764,6.391155720,5.165083408,5.175263882,5.175263882,7.346390247,7.633969307,5.175263882,5.109223843,6.098253250,6.329233170,7.209453583,5.008678436,4.970416069,7.086939812,6.058278084,4.925345421,7.519527912,5.175263882,5.147486210,5.175263882,5.594966412,4.980900764,6.689027309,4.980900764,7.853739262,7.845409870,7.847467899]}}
-03085{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17210,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733287022,"flow_dst_last_pkt_time":1605289733341107,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":10308,"midstream":0,"thread_ts_usec":1605289733341107,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
-00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733399863,"flow_dst_last_pkt_time":1605289733399863,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733399863,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1605289733399863,"flow_dst_last_pkt_time":1605289733399863,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733399863,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgkAAAAAoAL9IKzvAAACBAWgBAIICsW6TI0AAAAAAQMDBw=="}
-00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17595,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1605289733399863,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733420828,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoioAcZYKoBJXgB0AAAACBAV4AQMDAwQCCArCuW0jxbpMjQ=="}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17596,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1605289733420877,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733420877,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBAB+6D8AAABAQgKxbpMosK5bSM="}
-01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17597,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289733421383,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBgB+675AAABAQgKxbpMo8K5bSMWAwECAAEAAfwDA7uZ92OCVBC1xHN5t0YDziRYjgNrfeva8SX+HQQ5ROpDIGM8p3TwGS60madRKYlLsuurfXOUOAhO6IRjgC5z9cQPACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGgAYAAAVanMtYWdlbnQubmV3cmVsaWMuY29tABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACDbqzY6q3LDK4eXjQESdTDrPCFqSpzdCjXjZG6IpYhacgAtAAIBAQArAAsKmpoDBAMDAwIDAQAbAAMCAAL6+gABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01198{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17597,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733421383,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17599,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733457928,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733457928,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoisAcZgPgBALMJWdAAABAQgKwrltR8W6TKM="}
-01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17600,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733466833,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605289733466833,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-03145{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17606,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733466898,"flow_dst_last_pkt_time":1605289733468841,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289733468841,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}}}
-01964{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":17626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733500742,"flow_dst_last_pkt_time":1605289733511200,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":8749,"midstream":0,"thread_ts_usec":1605289733511200,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":6845.7,"max":45476,"stddev":12150.2,"var":147627232.0,"ent":3.2,"data": [20965,21014,506,37100,8905,1,45476,39,2004,2,1,1,1959,29,12,7,90,33,7803,454,394,31006,1,387,1,22756,38,359,8296,2575,2]},"pktlen": {"min":72,"avg":377.7,"max":1120,"stddev":441.2,"var":194656.5,"ent":4.1,"data": [80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,0,1,1,1],"entropies": [4.809510231,5.143908501,5.203041553,4.540377140,5.064233780,6.870509624,5.058271885,5.230819225,5.230819225,6.720662117,7.193079948,7.346520901,7.621092319,5.230819225,5.137001038,5.203041553,5.175263882,5.649272442,5.175263405,6.019917488,6.380431175,7.094295502,5.064233780,5.064233780,7.049797535,6.150704861,5.203041077,5.203041553,5.667691708,5.008678436,7.799199581,7.796170235]}}
-03148{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733500742,"flow_dst_last_pkt_time":1605289733511200,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":8749,"midstream":0,"thread_ts_usec":1605289733511200,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}}}
-00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289712203025,"flow_src_last_pkt_time":1605289712203025,"flow_dst_last_pkt_time":1605289712420176,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289712203025,"flow_src_last_pkt_time":1605289712203025,"flow_dst_last_pkt_time":1605289712420176,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289715028550,"flow_dst_last_pkt_time":1605289715083530,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1817,"flow_dst_tot_l4_payload_len":6047,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":74,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289731068178,"flow_dst_last_pkt_time":1605289731068352,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2450,"flow_src_tot_l4_payload_len":1960,"flow_dst_tot_l4_payload_len":47763,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":35,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733369116,"flow_dst_last_pkt_time":1605289733399291,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1420,"flow_dst_tot_l4_payload_len":23429,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":26,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733513603,"flow_dst_last_pkt_time":1605289733529878,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17914,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media"}}
-00943{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726574867,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726621964,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726574867,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726621964,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00943{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347032,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347032,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":78,"flow_dst_packets_processed":146,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289716095989,"flow_dst_last_pkt_time":1605289716126540,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":31408,"flow_src_tot_l4_payload_len":1542,"flow_dst_tot_l4_payload_len":304543,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289720502835,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720592524,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289720502835,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720592524,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722610839,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722642415,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722610839,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722642415,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":33,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716200922,"flow_dst_last_pkt_time":1605289716373420,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":31865,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00943{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726582828,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726637788,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726582828,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726637788,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":43,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715612656,"flow_dst_last_pkt_time":1605289715612650,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":12420,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":65670,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718372054,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718372054,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2091,"flow_dst_packets_processed":10687,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289717307557,"flow_dst_last_pkt_time":1605289717307514,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":65236,"flow_src_tot_l4_payload_len":19375,"flow_dst_tot_l4_payload_len":20119016,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714258503,"flow_dst_last_pkt_time":1605289714258482,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714259836,"flow_dst_last_pkt_time":1605289714259806,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714258112,"flow_dst_last_pkt_time":1605289714258039,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714258540,"flow_dst_last_pkt_time":1605289714258483,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714259884,"flow_dst_last_pkt_time":1605289714259808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":29,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733342911,"flow_dst_last_pkt_time":1605289733342856,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":25827,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":30,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289733369025,"flow_dst_last_pkt_time":1605289733391818,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":4693,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":372,"flow_dst_packets_processed":436,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289715303259,"flow_dst_last_pkt_time":1605289715303255,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":16656,"flow_src_tot_l4_payload_len":1115,"flow_dst_tot_l4_payload_len":1780521,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media"}}
-00937{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714251006,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714288932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714251006,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714288932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00943{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347050,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347050,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":76,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715710408,"flow_dst_last_pkt_time":1605289715740902,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":16912,"flow_src_tot_l4_payload_len":1197,"flow_dst_tot_l4_payload_len":131805,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00937{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250965,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714281312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250965,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714281312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289710318889,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710576735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289710318889,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710576735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00943{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250997,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714288930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250997,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714288930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":73,"flow_dst_packets_processed":98,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289724655124,"flow_dst_last_pkt_time":1605289724655056,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":12420,"flow_src_tot_l4_payload_len":3465,"flow_dst_tot_l4_payload_len":146662,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":914,"flow_dst_packets_processed":1890,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289734948586,"flow_dst_last_pkt_time":1605289734948542,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":13624,"flow_src_tot_l4_payload_len":65906,"flow_dst_tot_l4_payload_len":3605809,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714873042,"flow_dst_last_pkt_time":1605289714873010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":6264,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00943{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586992,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728804556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586992,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728804556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":64,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289716450552,"flow_dst_last_pkt_time":1605289716476438,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":7739,"flow_dst_tot_l4_payload_len":31241,"midstream":0,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00943{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586958,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728804207,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586958,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728804207,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00943{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289734948586,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00580{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","packets-captured":17657,"packets-processed":17657,"total-skipped-flows":0,"total-l4-payload-len":26490343,"total-not-detected-flows":0,"total-guessed-flows":16,"total-detected-flows":21,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":303,"global_ts_usec":1605289734948586}
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714142423,"flow_dst_last_pkt_time":1605289714142423,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142423,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142423,"flow_dst_last_pkt_time":1605289714142423,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142423,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R0AAAAAoAL9IJUzAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714142533,"flow_dst_last_pkt_time":1605289714142533,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142533,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142533,"flow_dst_last_pkt_time":1605289714142533,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142533,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMAAAAAAoAL9INluAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714142600,"flow_dst_last_pkt_time":1605289714142600,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142600,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142600,"flow_dst_last_pkt_time":1605289714142600,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142600,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoQAAAAAoAL9IDStAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714142665,"flow_dst_last_pkt_time":1605289714142665,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142665,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142665,"flow_dst_last_pkt_time":1605289714142665,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142665,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGkAAAAAoAL9INWDAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714142728,"flow_dst_last_pkt_time":1605289714142728,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142728,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142728,"flow_dst_last_pkt_time":1605289714142728,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142728,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2UAAAAAoAL9IGEKAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714142790,"flow_dst_last_pkt_time":1605289714142790,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714142790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714142790,"flow_dst_last_pkt_time":1605289714142790,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714142790,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsQAAAAAoAL9IJVNAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142423,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714171633,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2OUKdUeoBJXgLJJAAACBAV4AQMDAwQCCArCuSHy1mIgAw=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714171727,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714171727,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBAB+zY+AAABAQgK1mIgIMK5IfI="}
+01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714172188,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBgB+45nAAABAQgK1mIgIcK5IfIWAwECAAEAAfwDA8cIoCYavuvJ3cclYGmTzcO5vcPxdaWmTmcHbVFGmXkWIAQE24FGTaHp\/I8\/xYwpdYoJEv3RN4\/3JwS5BNqVh3JRACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACDSU2T4PnFCVulVq04gCrqMt7ropfQriFF56F3nM1YPWAAtAAIBAQArAAsKSkoDBAMDAwIDAQAbAAMCAAJaWgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714171633,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714172188,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142665,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714180048,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe34hzBqoBJXgFKZAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714180086,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714180086,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBAB+9aEAAABAQgK1mIgKcK5Ifs="}
+01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714180489,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714180489,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBgB+6ckAAABAQgK1mIgKcK5IfsWAwECAAEAAfwDA3otstUONYxJRqel+gxt59VketaZiqmW7lVOabrnGXmhICqghU9krTVUXocj19UIfg+9UNudtwL7W30g9XqDFIVFACCKihMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAImpoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmamgABAAAdACAhW4o44F4ndRfnSItF1Arhn7vovTMKfZIOdsBS0bZaIwAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAI6OgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714180489,"flow_dst_last_pkt_time":1605289714180048,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714180489,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142600,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714181434,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXbDRQaFoBJXgAyCAAACBAV4AQMDAwQCCArCuSH61mIgAw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142533,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714181435,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTOMV4SazBoBJXgEidAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142790,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714181435,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqgAoyXzbFoBJXgIWfAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714142728,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714181436,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWeOms5zmKAxNmoBJXgFEqAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714181455,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714181455,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoWjvEV3gBAB+5BsAAABAQgK1mIgKsK5Ifo="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714181468,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714181468,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMEZEzjGgBAB+8yHAAABAQgK1mIgKsK5Ifs="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714181475,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714181475,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBAB+wmKAAABAQgK1mIgKsK5Ifs="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714181483,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714181483,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBAB+9UUAAABAQgK1mIgKsK5Ifs="}
+01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714181782,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714181782,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoWjvEV3gBgB+wk+AAABAQgK1mIgKsK5IfoWAwECAAEAAfwDA8fZsDKFAYPeeYF9BoVFeH6xWP7zl+Qbpemo8n8iOkAJIO+2XqB5SswaLECoDV+oBWri05ofip0ijOA3Db6nod5MACDq6hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACDQ8L+t6qDH4DBUOVwSU+oBURitYqBDp2YLq+UXdAtSdwAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAALq6gABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714181782,"flow_dst_last_pkt_time":1605289714181434,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714181782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714182061,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714182061,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMEZEzjGgBgB++OVAAABAQgK1mIgKsK5IfsWAwECAAEAAfwDA92mJPo2aL01mOdVhpY2BeYgOuE8GqohhTbswcdXCK82ICwgtJPAcd3QemZipmKndqHXDNRTDLrVR4Gjwi9JNFNLACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACBzyp4wXupLNzvb8sABuM2lxM\/IuPo3b96Pd8Zx+nF3SgAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAJaWgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714182061,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182061,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714182319,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714182319,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBgB+9eLAAABAQgK1mIgK8K5IfsWAwECAAEAAfwDAzRBzSt6OfaWQuGfefwEMKTHqbevEWh0CtAfd3bhvh5GIAWkfBE0ckrIGB0\/YhPYbfnnDbuNbUef6uRX74GQi5ybACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOamgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAIKioAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACD9g60FSOGoRydwCiPj9EEgHFxpxy17H17r2OahSqgiPgAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAJKSgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714182319,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182319,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714182602,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714182602,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBgB+wr6AAABAQgK1mIgK8K5IfsWAwECAAEAAfwDA9ume65XMp2HeShH2kftPGfOVTrng6jVc48Y4obdoCMSICqZyhTW3xviLmKFiyEIbl\/Ph6q3MEMRNQtGI6WLlCCWACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACCGaJJ6CznJgq2rWAQeyxX31Vt1ETNV3hVi2p78QO1VKwAtAAIBAQArAAsK6uoDBAMDAwIDAQAbAAMCAAKqqgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714182602,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714182602,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714202238,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714202238,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2SUKdcjgBALMCrlAAABAQgKwrkiENZiICE="}
+01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714204384,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714204384,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+03069{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714172188,"flow_dst_last_pkt_time":1605289714204387,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714204387,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714180489,"flow_dst_last_pkt_time":1605289714211103,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714211103,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe74hzJvgBALMMstAAABAQgKwrkiGNZiICk="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714181782,"flow_dst_last_pkt_time":1605289714211558,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714211558,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXfDRQiKgBALMIUUAAABAQgKwrkiGNZiICo="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714212167,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714212167,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrsYZEzjGgBEB+8piAAABAQgK1mIgScK5Ifs="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714212373,"flow_dst_last_pkt_time":1605289714181436,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714212373,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDFWvprOc6gBEB+9LvAAABAQgK1mIgScK5Ifs="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714212431,"flow_dst_last_pkt_time":1605289714181435,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714212431,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfOMpQqoALgBEB+wdlAAABAQgK1mIgScK5Ifs="}
+01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714212316,"flow_dst_last_pkt_time":1605289714229512,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229512,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+03069{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714212316,"flow_dst_last_pkt_time":1605289714229515,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714229515,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
+01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714212253,"flow_dst_last_pkt_time":1605289714229787,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229787,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714212431,"flow_dst_last_pkt_time":1605289714229788,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229788,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+03069{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714212431,"flow_dst_last_pkt_time":1605289714229790,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714229790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714212167,"flow_dst_last_pkt_time":1605289714229995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714229995,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+03070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714230062,"flow_dst_last_pkt_time":1605289714230365,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
+03070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714230027,"flow_dst_last_pkt_time":1605289714230365,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714212373,"flow_dst_last_pkt_time":1605289714230366,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714230366,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+03070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714212373,"flow_dst_last_pkt_time":1605289714230369,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289714230369,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"s.pinimg.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714250965,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714250965,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289714250965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714250965,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714250965,"pkt":"qtsDr8lk5EKm5WPyht1gA+BkACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYQBu4mXWd7qkQRvgBAJlouHAAABAQgKz6oyaMK4cmQ="}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714250997,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714250997,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289714250997,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714250997,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714250997,"pkt":"qtsDr8lk5EKm5WPyht1gCIReACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC5WYBu2PBi7kDA7Y3gBAB9bhLAAABAQgKDEf\/5cK4cls="}
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714251006,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714251006,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289714251006,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714251006,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714251006,"pkt":"qtsDr8lk5EKm5WPyht1gCQO3ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RPih0IBu\/o5BzSfc9\/MgBAB9chlAAABAQgK4ziLg8K4a4Y="}
+02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":154,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714260622,"flow_dst_last_pkt_time":1605289714260607,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":954,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":2837,"flow_dst_tot_l4_payload_len":7034,"midstream":0,"thread_ts_usec":1605289714260622,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7625.3,"max":53871,"stddev":14761.3,"var":217895472.0,"ent":3.0,"data": [29210,29304,461,30605,2146,1,1,1,32223,44,9,7,7205,255,2012,156,139,311,354,53871,1,222,1,43618,1326,1,0,1343,231,798,527]},"pktlen": {"min":72,"avg":381.0,"max":1460,"stddev":486.9,"var":237029.2,"ent":4.1,"data": [80,80,72,589,72,1460,1460,1460,1230,72,72,72,72,165,171,363,383,350,1026,328,72,72,72,330,72,138,72,72,72,110,1460,72]},"bins": {"c_to_s": [9,1,1,1,0,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,1,0,0,1,0],"entropies": [4.621765614,5.087494850,5.064152718,4.449456215,4.904376030,6.379762650,5.172341347,7.343800068,7.630727291,5.109223843,5.043183804,5.081446171,5.109223843,6.011801243,6.221057415,7.200978279,7.082930088,6.925302982,7.362153053,6.891495228,4.942638397,4.914860725,4.942638397,7.062083721,5.109223843,6.069666862,4.887083054,4.970416069,5.109223843,5.576783180,7.859548092,5.109223843]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714281312,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714281312,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBhOqRBG+Jl1nfgBAm9NLhAAABAQgKwrkiYM+oHbQ="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714288930,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714288930,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvlZgMDtjdjwYu6gBAMIRHEAAABAQgKwrkiZwxF7DU="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714288932,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714288932,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAKzZE+IqAcsBIEmLB5kd7IUo3\/YpAbuHQp9z38z6OQc1gBALjSOBAAABAQgKwrkiaOM2b+4="}
+00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714558209,"flow_dst_last_pkt_time":1605289714558209,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714558209,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714558209,"flow_dst_last_pkt_time":1605289714558209,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714558209,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACgGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX0AAAAAoAL9IDgIAAACBAWgBAIICpXXZO8AAAAAAQMDBw=="}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714558209,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714581709,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpAnJzl+oBJXgPrGAAACBAV4AQMDAwQCCArCuSOMlddk7w=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714581729,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714581729,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBAB+37BAAABAQgKlddlBsK5I4w="}
+01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714581951,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/AiUGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBgB++f0AAABAQgKlddlBsK5I4wWAwECAAEAAfwDA7PLbVBgOtGRFhhfXAbYAkw+iamYdzT9SXPsS7L7okIYINk7eET2yUrnprJJWKNt0no0P\/s4mMGITC6JI+53t7c2ACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAGQAXAAAUc2Vzc2lvbnMuYnVnc25hZy5jb20AFwAA\/wEAAQAACgAKAAj6+gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKfr6AAEAAB0AIEvxzjt0\/5GP3sZor6cdXi69M2D9HpE5Nb1aEh4mkXoQAC0AAgEBACsACwpaWgMEAwMDAgMBABsAAwIAAlpaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714581951,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714590794,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714590794,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714590794,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714590794,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGoAAAAAoAL9IGNfAAACBAWgBAIICskVTwYAAAAAAQMDBw=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714613987,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714613987,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpEnJzuDgBALMHNnAAABAQgKwrkjrJXXZQY="}
+01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714615889,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714615889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714616815,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGX+6kRroBJXgA2NAAACBAV4AQMDAwQCCArCuSOwyRVPBg=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714616828,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714616828,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBAB+5GEAAABAQgKyRVPIMK5I7A="}
+01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714617005,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBgB+6l5AAABAQgKyRVPIMK5I7AWAwECAAEAAfwDA\/Gk\/9Vg1\/Yj6dUUpOb5DX8WmaenXohw9y+Qd4DnqktzIAb2YuarrlKbgL6YLTJZPQe97f1AtvLN8fLaoxVIuyFiACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAjq6gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKerqAAEAAB0AIJML4p8NHh5Io\/9KcRl6BBOqQlWgp4uJ9mxBuu8Y\/4wPAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAlpaAAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714617005,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714651291,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714651291,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGb+6kZwgBALMIYoAAABAQgKwrkj0skVTyA="}
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714658043,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714658043,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714658043,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714658043,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSXwAAAAAoAL9ILsUAAACBAWgBAIICs+qM\/8AAAAAAQMDBw=="}
+01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":193,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714660765,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714660765,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714697878,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4c9qQ0l9oBJXgI0UAAACBAV4AQMDAwQCCArCuSQBz6oz\/w=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714697936,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714697936,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBAB+xD+AAABAQgKz6o0J8K5JAE="}
+01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714698324,"pkt":"qtsDr8lk5EKm5WPyht1gCBesAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBgB++hnAAABAQgKz6o0KMK5JAEWAwECAAEAAfwDA9jVKfntEh25nXj1BFZE6ZFc6lyzI+CshbYOPn0Jce38IK9kDSD6\/4FSA\/aOBvpuajY1lLZq5tukFPFFFO\/eMmwPACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAGwAZAAAWYWNjb3VudHMucGludGVyZXN0LmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgyukN47oVi6AebwU11bCozo+bX5ZAWB5eRNnx4Nhm1GIALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgACamoAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714698324,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":227,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714712098,"flow_dst_last_pkt_time":1605289714737758,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1066,"flow_dst_tot_l4_payload_len":4645,"midstream":0,"thread_ts_usec":1605289714737758,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8653.8,"max":43788,"stddev":13864.0,"var":192210288.0,"ent":3.4,"data": [26021,26034,177,34476,9474,0,43788,3,51,24,2375,110,130,39176,1,238,310,37117,263,3095,2873,7183,1,0,7144,49,3,681,625,589,26257]},"pktlen": {"min":72,"avg":251.0,"max":1280,"stddev":327.8,"var":107441.1,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,289,72,136,164,395,72,72,72,652,72,103,103,72,493,818,267,72,72,72,111,72,111,72]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,0,0,0,1,0,0,1],"entropies": [4.845952034,5.276737213,5.243131161,4.473354340,5.090543747,7.802321434,7.843567848,5.288201809,5.260424137,7.108726978,5.260424137,6.180178165,6.552865028,7.368058681,5.107836723,5.135614395,5.097352028,7.652834892,5.232646942,5.827667713,5.769781590,5.232646942,7.502712727,7.757375717,7.029527187,5.232646465,5.260424137,5.288201809,5.925748348,5.260424137,5.889372826,5.107836723]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714737758,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714737758,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4dBqQ0uCgBALMAWbAAABAQgKwrkkKc+qNCg="}
+01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714739608,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605289714739608,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+03083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714739677,"flow_dst_last_pkt_time":1605289714740234,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289714740234,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
+00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714782619,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714782619,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714782619,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714782619,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqIAAAAAoAL9IEOtAAACBAWgBAIICnRgZN4AAAAAAQMDBw=="}
+02145{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":258,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714795031,"flow_dst_last_pkt_time":1605289714793606,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1778,"flow_dst_tot_l4_payload_len":5802,"midstream":0,"thread_ts_usec":1605289714795031,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15232.9,"max":132689,"stddev":29577.9,"var":874849472.0,"ent":3.1,"data": [23500,23520,222,32278,1902,1,0,33966,35,25,324,0,242,8,1731,75,102,35078,5741,3731,0,1,42641,14,135,39228,93613,132689,1225,118,74]},"pktlen": {"min":72,"avg":309.4,"max":1280,"stddev":401.1,"var":160869.7,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571]},"bins": {"c_to_s": [11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0],"entropies": [4.656593323,5.123788357,5.017778397,4.494572163,4.850525856,7.806178570,7.820445061,7.825618267,4.990000248,4.985159874,5.017777920,7.793226242,6.582598209,5.045556068,5.045556068,6.051473618,6.341272354,7.424715996,4.850525856,4.812263489,7.613498688,5.540113449,4.850525856,5.073333740,5.073333740,5.737332821,4.822747707,7.185048103,5.017778397,5.884420395,6.843392372,7.591670513]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714832909,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFrOS7qjoBJXgB0bAAACBAV4AQMDAwQCCArCuSSHdGBk3g=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714832956,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714832956,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBAB+6D6AAABAQgKdGBlEMK5JIc="}
+01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714833176,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBgB+9wiAAABAQgKdGBlEcK5JIcWAwECAAEAAfwDA\/Ezw4mbUrI42jPHW\/R2JVq8HiENkzAbEci0fYqAxMkBIKC\/V9JydIygOtZAUS0JoPRGfzSMLpt5E5aZDM7pIRYPACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGAAWAAATaW1hZ2VzLnVuc3BsYXNoLmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgXafHcjSuu0lDRwVYnybRA+hptEDEqNkxm07M0aaWohAALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACGhoAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714833176,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"images.unsplash.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714864628,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714864628,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFvOS7yogBALMJWfAAABAQgKwrkkp3RgZRE="}
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714867730,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289714867730,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"images.unsplash.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+03501{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":273,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714868409,"flow_dst_last_pkt_time":1605289714869584,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5552,"midstream":0,"thread_ts_usec":1605289714869584,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"images.unsplash.com","tls": {"version":"TLSv1.2","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}}}
+01969{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":282,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714873020,"flow_dst_last_pkt_time":1605289714873010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":6264,"midstream":0,"thread_ts_usec":1605289714873020,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":13869.2,"max":89623,"stddev":22425.8,"var":502918720.0,"ent":3.3,"data": [39835,39893,388,39880,1850,1,41296,35,60,0,18,4,565,0,563,29,2922,2605,564,39805,119,1086,1924,0,36819,15,203,49740,40102,0,89623]},"pktlen": {"min":72,"avg":300.8,"max":1120,"stddev":374.8,"var":140490.0,"ent":4.1,"data": [80,80,72,589,72,1120,1120,72,72,1120,1120,72,72,1120,154,72,72,165,171,368,72,72,72,330,138,72,72,110,72,516,246,72]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,2,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0],"entropies": [4.759509563,5.142373085,5.117740154,4.564804554,4.953123093,6.789499283,4.442035198,5.175263882,5.103079796,6.610801220,7.126421452,5.203041553,5.203041553,7.603042603,6.151700974,5.175263882,5.175263882,6.101224422,6.300935745,7.262635231,4.980900764,5.036456108,4.980900764,7.043718815,6.196548939,5.175263882,5.175263882,5.631328106,5.036456108,7.479037762,6.852047443,5.230819225]}}
+03086{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714873020,"flow_dst_last_pkt_time":1605289714873010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":6264,"midstream":0,"thread_ts_usec":1605289714873020,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
+01959{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":297,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714902517,"flow_dst_last_pkt_time":1605289714903070,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":12561,"midstream":0,"thread_ts_usec":1605289714903070,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7753.2,"max":50337,"stddev":15382.7,"var":236626480.0,"ent":2.9,"data": [50290,50337,220,31719,3102,0,34561,13,675,659,1179,1,1182,11,2643,116,155,32346,0,0,0,1,29460,6,548,1,0,514,15,6,589]},"pktlen": {"min":72,"avg":498.7,"max":1460,"stddev":595.9,"var":355070.7,"ent":4.0,"data": [80,80,72,589,72,1460,1460,72,72,1460,72,1460,1205,72,72,165,171,440,72,72,72,330,138,72,72,1460,1460,1460,72,72,72,1460]},"bins": {"c_to_s": [12,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0,0,0,1],"entropies": [4.703702927,5.136080265,5.124309540,4.545345783,5.017591953,6.717867374,4.853471756,5.096531868,5.124309540,7.395221710,5.124309540,7.321218014,7.643990993,5.124309540,5.152087212,5.949683189,6.333797455,7.364598274,5.017591953,5.017591953,4.989814281,7.067564487,6.163845539,5.152087212,5.124309540,7.852941513,7.865815639,7.871354580,5.096531868,5.124309540,5.053668499,7.834792614]}}
+03505{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714902517,"flow_dst_last_pkt_time":1605289714903070,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":12561,"midstream":0,"thread_ts_usec":1605289714903070,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"images.unsplash.com","tls": {"version":"TLSv1.2","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}}}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715133578,"flow_dst_last_pkt_time":1605289715133578,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715133578,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715133578,"flow_dst_last_pkt_time":1605289715133578,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715133578,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfcAAAAAoAL9IJHxAAACBAWgBAIICjiITggAAAAAAQMDBw=="}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715133578,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715210396,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV7hz5n4oBJXgLSTAAACBAV4AQMDAwQCCArCuSXYOIhOCA=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715210445,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715210445,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBAB+zhYAAABAQgKOIhOVcK5Jdg="}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715212290,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBgB+6OKAAABAQgKOIhOV8K5JdgWAwECAAEAAfwDAyko5RIhdw7iSMvL+JxYqZMyWbwdT4mua+Aq4PLn7o6AIHiamGncKVvaC4Qe+Wkd02CeOTDRVPAoUdvjHzZzHWAnACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOKigAAAAAAFAASAAAPd3d3LmdzdGF0aWMuY29tABcAAP8BAAEAAAoACgAIWloAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClaWgABAAAdACCRstqE9fnS4cN2o44Xylwq4VObB7JF4wgnATR+54QtdwAtAAIBAQArAAsKuroDBAMDAwIDAQAbAAMCAAL6+gABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715212290,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715221747,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715221747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715221747,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715221747,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0CzwAAAAAoAL9ILgWAAACBAWgBAIICnB0noAAAAAAAQMDBw=="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715257682,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715257682,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV\/hz5v9gBALMCzUAAABAQgKwrkmIDiITlc="}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715273354,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSe29As9oBJXgJmfAAACBAV4AQMDAwQCCArCuSYncHSegA=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715273482,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715273482,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBAB+x19AAABAQgKcHSetMK5Jic="}
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715274121,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBgB+5ZOAAABAQgKcHSetcK5JicWAwECAAEAAfwDA\/Wo9zH9kIsC3p0+x0Ogp3CBXjA+aSeyGzEE6vb9ZTk9IJABGD2ndVeTf+odvyDjSMzv7BNGBBHaaAJBgxYc9sAYACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAFAASAAAPYXBpcy5nb29nbGUuY29tABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACB2WXZxKMS9tF781JcLrIeE0V3s7s7Xei6L\/wVkpPzjGAAtAAIBAQArAAsK+voDBAMDAwIDAQAbAAMCAALq6gABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715274121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715274358,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715274358,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715274358,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715274358,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIYAAAAAoAL9IIqeAAACBAWgBAIICrhM3AoAAAAAAQMDBw=="}
+01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715287643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715287643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715301345,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi5yubyHoBJXgCqsAAACBAV4AQMDAwQCCArCuSZZuEzcCg=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715301345,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSi29A1CgBALMBIOAAABAQgKwrkmW3B0nrU="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715301435,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715301435,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBAB+66iAAABAQgKuEzcJcK5Jlk="}
+01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715301671,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuAiUGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBgB+0gHAAABAQgKuEzcJcK5JlkWAwECAAEAAfwDA5gekqpKhlC2ipL2zI8L5\/kv3e0nxnbXEmgavka1LHWVIBeXyfu8UN0TfZ\/W27lJZzaKDZAJHcd7oBhNLgsTwfr\/ACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAGQAXAAAUY29ubmVjdC5mYWNlYm9vay5uZXQAFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIGc+3YDJXOpck3uyogqFw1bonkkYAWZ3xkO5tRdYSBRhAC0AAgEBACsACwoaGgMEAwMDAgMBABsAAwIAAurqAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715301671,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":329,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715321807,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715321807,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715333683,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715333683,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi9yub6MgBALMKNIAAABAQgKwrkmebhM3CU="}
+01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715333684,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289715333684,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02166{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":387,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715430506,"flow_dst_last_pkt_time":1605289715430565,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":10223,"midstream":0,"thread_ts_usec":1605289715430565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":13470.2,"max":79486,"stddev":22212.4,"var":493390560.0,"ent":3.3,"data": [51607,51735,639,27991,20462,0,1,47699,14,8,3349,184,136,69956,1,28,13172,79486,329,8681,8388,16746,3,2,2,16717,40,14,21,164,2]},"pktlen": {"min":72,"avg":422.1,"max":1280,"stddev":496.1,"var":246097.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,312,72,72,72,136,164,333,72,72,72,652,72,103,103,72,988,1280,1280,1280,72,72,72,72,1280,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,1,0,0,0,0,1,1],"entropies": [4.905388832,5.201737404,5.194384098,4.447809696,5.069574356,7.796703339,7.816472054,7.245393753,5.222161770,5.194384098,5.194384098,6.221469402,6.666475773,7.225831985,5.059089661,5.086867332,5.097352028,7.629415512,5.222161770,5.833802700,5.730946064,5.211677074,7.792719841,7.812408924,7.862325191,7.810635090,5.211677074,5.249939442,5.222161770,5.222161770,7.816607952,7.836236000]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":407,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715471680,"flow_dst_last_pkt_time":1605289715427326,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":5004,"midstream":0,"thread_ts_usec":1605289715471680,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11299.7,"max":93180,"stddev":21751.5,"var":473125984.0,"ent":3.0,"data": [26987,27077,236,32338,1,0,32042,17,3873,399,116,64739,93180,2,1,290,2,3,2,24343,46,12,9,157,3,2,82,23,41,4388,39879]},"pktlen": {"min":72,"avg":271.0,"max":1452,"stddev":368.4,"var":135732.3,"ent":4.1,"data": [80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199]},"bins": {"c_to_s": [12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0],"entropies": [5.086080074,5.358260632,5.421088219,4.582517624,5.325077534,7.824724197,7.800261974,5.487128258,5.459350586,6.217577457,6.494597435,7.339631081,7.344889641,5.269522190,5.231259823,5.286815166,7.021345615,6.361854553,5.947217464,7.648275852,5.393310547,5.421088219,5.393310547,5.448865891,7.531715393,7.878327370,6.086453915,5.448865891,5.421088219,5.365532398,5.884278774,6.731818199]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715782853,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715782853,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715782853,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715782853,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWoAAAAAoAL9IBbyAAACBAWgBAIICmcfa8wAAAAAAQMDBw=="}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715833903,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+EJkW7VroBJXgNkoAAACBAV4AQMDAwQCCArCuShfZx9rzA=="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715833970,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715833970,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBAB+10HAAABAQgKZx9r\/8K5KF8="}
+01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715834672,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEAiUGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBgB+\/QzAAABAQgKZx9sAMK5KF8WAwECAAEAAfwDA15ScC6cz0Mm40ZOuOfJU9tsVGcffyVHK66YSdKRGbaAIPaARvdX8cCHMx9rMsZJhiJlEhn0QL88TbX34lqqt\/OKACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgpYv7qRG6do7VtNy5242ZZbX6mD8VP8lQEUUuZeSYdj0ALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACCgoAAQAAFQDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715834672,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289715966342,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715966342,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289715966342,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715966342,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B4AAAAAoAL9IFQFAAACBAWgBAIICqkvSd0AAAAAAQMDBw=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289716018193,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716018193,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+ENkW7dwgBALMFGYAAABAQgKwrkok2cfbAA="}
+01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":539,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289716018194,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289716018194,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289716021823,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HT9v4ewfoBJXgOHBAAACBAV4AQMDAwQCCArCuSkJqS9J3Q=="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1605289716021899,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716021899,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBAB+2WcAAABAQgKqS9KFMK5KQk="}
+01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289716024503,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBgB+960AAABAQgKqS9KF8K5KQkWAwECAAEAAfwDAz7PSjjgfHJf+nCfn3DPMxydUwVUjvYQFiNHK08caRmgIChBHphlkCrDONZuzjKATga3CNpgPdLG1nC8FJaIcfu7ACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAJAAiAAAfY29udGVudC1hdXRvZmlsbC5nb29nbGVhcGlzLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgphW3bcEnLefm+sIpksFu2OouFtq8r6bigf0SizCebCQALQACAQEAKwALCpqaAwQDAwMCAwEAGwADAgACCgoAAQAAFQC9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289716024503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716066903,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716066903,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HUBv4e4kgBALMFoOAAABAQgKwrkpWqkvShc="}
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":576,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716084706,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289716084706,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289716168715,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":3285032704,"pkt_caplen":244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":244,"pkt_l4_len":190,"thread_ts_usec":1605289716168715,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AL4GQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lam\/a\/4e68gBgE1TyJAAABAQgKZPSVcMK4jAQXAwMAmbA2YtBqXOwsPZhf0xplQUhs5uebiQ6HrXX0rQcB3CzDNqt6KEFEtOrnLbiyKoAl0\/PfpLU5lSyfN4b6GWAPMuxRzKK1mYHeU6cm19ssJsGj28uoKpDNJuLbc68jHie5jcE8\/swMHjb\/rsshDlUuBkbS0PBg+fBq\/uDg8aBU7dQCoscpqfDhz7OaLw8PBcid6Woaoneonk0XRQ=="}
+00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289716168715,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":3285032704,"pkt_caplen":209,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":209,"pkt_l4_len":155,"thread_ts_usec":1605289716168917,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AJsGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lanJS\/4e68gBgE1YEBAAABAQgKZPSVcMK4jAQXAwMAT0+KQ56NjlMHGW+d6G5ddduewRHnDyQJNOhFGSBeS16m4KVAja7XHlyuQrxKoq24Sn8bLVvUYgiRl0ogV926yAF+\/eBnK0DefdFCPgWpP6kXAwMAIh\/Eke2gVwnwKuWIWa9HbFAoJdRk5f1TigycRztSwvhmbFo="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716192184,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716192184,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWpyUgBALf8h0AAABAQgKwrkp2GT0lXA="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716192344,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716192344,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWp0PgBALj8fpAAABAQgKwrkp2GT0lXA="}
+00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716197451,"flow_idle_time":3285032704,"pkt_caplen":277,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":277,"pkt_l4_len":223,"thread_ts_usec":1605289716197451,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAN8GPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWp0PgBgLjwvfAAABAQgKwrkp2WT0lXAXAwMAuvbpCprhIHZOm+s71xjln8W5wRXAEZMMYHzFfgrc8Qz4ihOFNdXXrcK7V3sZoCmBJ+9UP9pq7hG1hJyCeP+MFNZTxO2gaK55QvARJT791YHr2a9N\/48L6BIqY0g9tYfn4yZI8zlroZ226D4je2OGOYeBFXAt\/SWtduBHYRboL2SojJhXdPVjX\/gNGYSfvf2cQ4Gmy4NkAXucZYn6wYVA\/ALz1WSrztJHvD8qTVY2ZZ3gbVGKtvonmOvlwA=="}
+02130{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":647,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716199465,"flow_dst_last_pkt_time":1605289716199511,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":21058,"midstream":1,"thread_ts_usec":1605289716199511,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1985.4,"max":28590,"stddev":6415.7,"var":41161208.0,"ent":1.8,"data": [202,23469,160,5107,2,28590,251,1,1,2,214,4,31,0,19,391,1,0,1,397,8,1304,0,0,1,0,1316,72,1,1,0]},"pktlen": {"min":72,"avg":738.8,"max":1280,"stddev":578.2,"var":334348.7,"ent":4.5,"data": [230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280]},"bins": {"c_to_s": [7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1],"entropies": [6.948834896,6.675073147,5.125129700,5.125129700,6.977108479,7.855700493,5.182512760,7.824506283,7.846910477,7.827116013,7.838431835,5.116472721,5.137442112,7.839233875,7.849976540,5.154735088,7.852743149,7.835449219,7.826992035,7.859686375,5.182512760,5.182512760,7.806921482,7.824195862,6.883517742,5.810838699,6.706934929,5.109664440,7.833899021,7.836830139,7.838667870,7.830160618]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717548570,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289717548570,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717548570,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289717548570,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD4AAAAAoAL9ID+FAAACBAWgBAIICjGG9eUAAAAAAQMDBw=="}
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289717572004,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75juz2g\/oBJXgHfiAAACBAV4AQMDAwQCCArCuS86MYb15Q=="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1605289717572182,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289717572182,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBAB+\/vbAAABAQgKMYb1\/cK5Lzo="}
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289717572787,"pkt":"qtsDr8lk5EKm5WPyht1gD67DAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBgB+0DvAAABAQgKMYb1\/cK5LzoWAwECAAEAAfwDA800cC9OVh30oKukmv7TjuGOfIQsAXjOcIds0bgi09HFIBoSrrmErFO1TCZKJVvIhS6wQO5Ret2I7u3t0EJASsOHACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACHp6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApenoAAQAAHQAg3SQzsRLwlL1ZHWLzcJyUxb7R5EthsHkv9Gz6Dx5HIhsALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgACysoAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289717572787,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717599829,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289717599829,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75nuz2pEgBALMPCFAAABAQgKwrkvVjGG9f0="}
+01262{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717605090,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289717605090,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":718,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289717653626,"flow_dst_last_pkt_time":1605289716195463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1605289717653626,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":61819.5,"max":1485939,"stddev":260701.6,"var":67965321216.0,"ent":1.6,"data": [55481,55557,2604,45080,17803,15,60231,16,286,275,9398,2484,606,42880,0,228,1,30633,193,14864,14650,23014,0,23014,8,85,0,70,1606,29384,1485939]},"pktlen": {"min":72,"avg":238.1,"max":1280,"stddev":317.7,"var":100919.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237]},"bins": {"c_to_s": [11,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,0],"entropies": [4.830388546,5.236173153,5.083273411,4.664566517,5.024503708,7.801916599,7.849427700,5.232646465,5.204868793,7.603487968,5.204868793,6.090775967,6.470489025,7.520395279,5.107836723,5.107836723,5.080059052,7.600295067,5.194384098,5.756132126,5.672693253,5.166606426,7.483500957,6.249640465,5.177091122,5.204868793,5.886195660,5.135614395,5.204868793,5.955920696,5.135614395,6.860337257]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02166{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":728,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717681759,"flow_dst_last_pkt_time":1605289717681662,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":10121,"midstream":0,"thread_ts_usec":1605289717681759,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8589.7,"max":42968,"stddev":12964.6,"var":168080032.0,"ent":3.5,"data": [23434,23612,605,27825,5261,2,0,32335,48,7,3191,171,159,42968,880,1,157,40413,894,3393,2534,21369,1,21337,22,7799,1,0,1,7829,32]},"pktlen": {"min":72,"avg":418.8,"max":1280,"stddev":492.4,"var":242485.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,322,72,72,72,136,164,327,72,72,72,652,72,103,103,72,876,1280,72,72,1280,1280,1280,1280,72,72]},"bins": {"c_to_s": [12,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0],"entropies": [4.905389309,5.361174107,5.232646465,4.557852268,5.107836723,7.817549706,7.840916157,7.180346489,5.232646465,5.260424137,5.260424137,6.185771942,6.393667221,7.196280479,5.107836723,5.107836723,5.107836723,7.630718231,5.204868793,5.782878876,5.796528339,5.222161770,7.750598431,7.833017826,5.260424137,5.260424137,7.845281124,7.848848343,7.857541561,7.841633797,5.194384098,5.232646465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":788,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289717682629,"flow_dst_last_pkt_time":1605289717754541,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":1620,"flow_dst_tot_l4_payload_len":4362,"midstream":0,"thread_ts_usec":1605289717754541,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":124885.9,"max":1522186,"stddev":365675.9,"var":133718884352.0,"ent":2.3,"data": [51050,51117,702,184290,1,0,183671,66,7538,8559,3870,48706,3,10603,0,1,1,39192,55,6,1700,5826,4025,34675,42375,77042,1489773,1522186,1,32460,71970]},"pktlen": {"min":72,"avg":259.4,"max":1452,"stddev":363.6,"var":132225.8,"ent":4.1,"data": [80,80,72,589,72,1452,980,72,72,136,164,442,72,72,72,243,152,103,72,72,72,103,107,72,72,492,72,618,72,107,72,1374]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,1,0,1],"entropies": [5.147778988,5.386569977,5.363564491,4.530324936,5.275225163,7.856009483,7.774714947,5.419119835,5.348239422,6.266700268,6.486256123,7.484294891,5.260424137,5.260424137,5.232646465,6.926154137,6.485898972,5.898414135,5.275390625,5.325302124,5.275390625,5.898528576,5.995410442,5.391342163,5.286815166,7.551696301,5.363564491,7.633099079,5.342370510,6.001532078,5.391342163,7.830712318]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":916,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718346936,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289718346936,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718346936,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718346936,"pkt":"qtsDr8lk5EKm5WPyht1gDn7LACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3mwBu1MbKQQ2nwhTgBBf5ZGnAAABAQgKdGByysK4e5A="}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":917,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289718347032,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718347032,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289718347032,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":917,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718347032,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718347032,"pkt":"qtsDr8lk5EKm5WPyht1gAqmhACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyRABu5dQgwPxqZaUgBAHqUTfAAABAQgKOIhalcK4e5A="}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":918,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289718347050,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718347050,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289718347050,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718347050,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718347050,"pkt":"qtsDr8lk5EKm5WPyht1gA2s5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1CQBu69kJZnLb6S2gBAFvhEdAAABAQgKcHSqtcK4e5A="}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":919,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718347065,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289718347065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718347065,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718347065,"pkt":"qtsDr8lk5EKm5WPyht1gAtTRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACAK3yoBu80FVZetwjn1gBAB9Q24AAABAQgKVxL7HMK4e4A="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718372054,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718372054,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbvebDafCFNTGykFgBALfUzsAAABAQgKwrkyWnReVSQ="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718378827,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvfKq3COfXNBVWYgBALvWWfAAABAQgKwrkyYVcQ4ow="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718378828,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJEPGplpSXUIMEgBALh6bdAAABAQgKwrkyYTiGPeg="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718378828,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUJMtvpLavZCWagBAL1W6tAAABAQgKwrkyYnBykDw="}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289720502835,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720502835,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289720502835,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720502835,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289720502835,"pkt":"qtsDr8lk5EKm5WPyht1gDE+lACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgIBuwZ3AS1n9K5wgBAD7qJGAAABAQgK1mI428K4iuQ="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":925,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720592524,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289720592524,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWAmf0rnAGdwEugBAMdPzqAAABAQgKwrk63tZgJbc="}
+00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":926,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722442860,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289722442860,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722442860,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289722442860,"pkt":"qtsDr8lk5EKm5WPyht1gCa8jACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt0YBu4XaMRXguiMogBAB9ZuaAAABAQgKldeDu8K4iwE="}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":927,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289722610839,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722610839,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289722610839,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722610839,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289722610839,"pkt":"qtsDr8lk5EKm5WPyht1gDvD\/ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgYBu\/ADYY+SLdnAgBBf+pZ\/AAABAQgK1mJBF8K4kuY="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289722621701,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3RuC6IyiF2jEWgBAM4PFAAAABAQgKwrlC85XVazg="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722642415,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289722642415,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWBpIt2cDwA2GQgBAQS035AAABAQgKwrlDCNZgKSs="}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289726574867,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726574867,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289726574867,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726574867,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289726574867,"pkt":"qtsDr8lk5EKm5WPyht1gD7DqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyPYBuy7xct5PemhygBASWTvxAAABAQgKOIh6ucK4opo="}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289726582828,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726582828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289726582828,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726582828,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289726582828,"pkt":"qtsDr8lk5EKm5WPyht1gBy5HACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKukIBu0Ah3sUn+OyVgBAB9Rf+AAABAQgKqS9zVcK4oqI="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726621964,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289726621964,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvI9k96aHIu8XLfgBAL06eYAAABAQgKwrlSlDiGZZ4="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":981,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726637788,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289726637788,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6Qif47JVAId7GgBALvHMdAAABAQgKwrlSpKktXm0="}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":982,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289728586958,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728586958,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289728586958,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728586958,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289728586958,"pkt":"qtsDr8lk5EKm5WPyht1gDHlsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADvvoBu4vV8Grv31OMgBACdmBfAAABAQgK5dFc6cK4oqI="}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":983,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289728586992,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728586992,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289728586992,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728586992,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289728586992,"pkt":"qtsDr8lk5EKm5WPyht1gCU2wACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnnABu1oBJQ4\/rrWNgBAQLrKDAAABAQgKyRWFssK4oqI="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":984,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728804207,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289728804207,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu++u\/fU4yL1fBrgBALkLtnAAABAQgKwrla3eXPQIw="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728804556,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289728804556,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbuecD+utY1aASUPgBAZXAuxAAABAQgKwrla48kTaxY="}
+00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1003,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289732959160,"flow_dst_last_pkt_time":1605289732959160,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289732959160,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1605289732959160,"flow_dst_last_pkt_time":1605289732959160,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289732959160,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7gAAAAAoAL9IOnRAAACBAWgBAIICtZiaYQAAAAAAQMDBw=="}
+00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289732972740,"flow_dst_last_pkt_time":1605289732972740,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289732972740,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1605289732972740,"flow_dst_last_pkt_time":1605289732972740,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289732972740,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HIoAAAAAoAL9IMybAAACBAWgBAIIClhuYDIAAAAAAQMDBw=="}
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1605289732959160,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733005669,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhojTae5oBJXgL46AAACBAV4AQMDAwQCCArCuWtz1mJphA=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1605289733005713,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733005713,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBAB+0IeAAABAQgK1mJpssK5a3M="}
+01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289733006105,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4AiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBgB+9rPAAABAQgK1mJps8K5a3MWAwECAAEAAfwDA+FylCmx+RqDY+2Dyo1rIa8zFwFxgekrVpZ57dzQTQpcIGR5x9GwiLhejRSyDSJCULhaEPuWcuSSd\/4qtnhsMGhMACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOKigAAAAAAGQAXAAAUYXNzZXRzLnBpbnRlcmVzdC5jb20AFwAA\/wEAAQAACgAKAAiKigAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKYqKAAEAAB0AIL6rS5lo+mbnIbk9M9oSvrL6u11X7ZgUutxoF0rBS5t\/AC0AAgEBACsACwpqagMEAwMDAgMBABsAAwIAApqaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1007,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733005669,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733006105,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1605289732972740,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733019634,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99MLvByLoBJXgOQ\/AAACBAV4AQMDAwQCCArCuWuDWG5gMg=="}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1605289733019649,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733019649,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBAB+2giAAABAQgKWG5gYcK5a4M="}
+01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289733019850,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBgB+1dmAAABAQgKWG5gYcK5a4MWAwECAAEAAfwDA\/e7AWI4IOqe24e3Dy8GtjgX\/HGd3ql+YvtlwSVKxHHMIG0UA7UP8cWM1+OIpoJabPxwYFuj3vVPyVClxgciYoq4ACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAHQAbAAAYd3d3Lmdvb2dsZS1hbmFseXRpY3MuY29tABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACB3ZVhMGdknHjr8mYsq4A0iDM3P9MVWSPmKERKJV0rOKQAtAAIBAQArAAsKuroDBAMDAwIDAQAbAAMCAAL6+gABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1010,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733019850,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733055452,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733055452,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhsjTam+gBALMDa6AAABAQgKwrlrnNZiabM="}
+01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1012,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733059043,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289733059043,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+03080{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1017,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733059060,"flow_dst_last_pkt_time":1605289733060311,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733060311,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733131664,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733131664,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99QLvB6QgBALMFy2AAABAQgKwrlrtVhuYGE="}
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1034,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733177092,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289733177092,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1062,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733216831,"flow_dst_last_pkt_time":1605289733216812,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":9927,"midstream":0,"thread_ts_usec":1605289733216831,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15747.2,"max":157269,"stddev":35268.1,"var":1243837184.0,"ent":2.7,"data": [46894,46909,201,112030,45428,0,2,157269,9,5,2935,270,2964,37660,1,0,1100,1,0,32562,12,3,631,955,1,0,0,308,7,3,3]},"pktlen": {"min":72,"avg":413.0,"max":1280,"stddev":486.7,"var":236885.8,"ent":4.1,"data": [80,80,72,589,72,1280,1280,549,72,72,72,136,164,337,72,72,72,652,486,1280,72,72,72,103,1280,1280,1280,1280,72,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0],"entropies": [4.855388165,5.286173344,5.149313450,4.600729942,5.080059052,7.797164440,7.832664490,7.507453918,5.138828754,5.081305504,5.166606903,6.092433929,6.575641632,7.259848118,5.043183804,5.097352505,5.052281380,7.626473904,7.461633682,7.832756042,5.149313450,5.132019997,5.083273411,5.775549889,7.833918095,7.851273537,7.839205742,7.857754707,5.121535778,5.177091122,5.111051083,5.177091122]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
+01967{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1089,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733287022,"flow_dst_last_pkt_time":1605289733341107,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":10308,"midstream":0,"thread_ts_usec":1605289733341107,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":22897.1,"max":135965,"stddev":39614.3,"var":1569289984.0,"ent":3.2,"data": [46509,46553,392,49783,3591,0,52945,10,1267,1,1272,3,2358,266,496,109019,0,0,1,0,1,105909,5,6,6499,35807,111148,135965,1,2,0]},"pktlen": {"min":72,"avg":430.6,"max":1460,"stddev":544.3,"var":296293.8,"ent":4.0,"data": [80,80,72,589,72,1460,1460,72,72,1460,1230,72,72,165,171,338,72,72,330,138,72,570,72,72,72,110,72,210,72,1460,1460,1460]},"bins": {"c_to_s": [9,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,1,1],"entropies": [4.684510231,5.128057957,5.091930866,4.525407314,4.980900764,6.391155720,5.165083408,5.175263882,5.175263882,7.346390247,7.633969307,5.175263882,5.109223843,6.098253250,6.329233170,7.209453583,5.008678436,4.970416069,7.086939812,6.058278084,4.925345421,7.519527912,5.175263882,5.147486210,5.175263882,5.594966412,4.980900764,6.689027309,4.980900764,7.853739262,7.845409870,7.847467899]}}
+03084{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1089,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733287022,"flow_dst_last_pkt_time":1605289733341107,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":10308,"midstream":0,"thread_ts_usec":1605289733341107,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","tls": {"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}}
+00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733399863,"flow_dst_last_pkt_time":1605289733399863,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733399863,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1605289733399863,"flow_dst_last_pkt_time":1605289733399863,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733399863,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgkAAAAAoAL9IKzvAAACBAWgBAIICsW6TI0AAAAAAQMDBw=="}
+00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1605289733399863,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733420828,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoioAcZYKoBJXgB0AAAACBAV4AQMDAwQCCArCuW0jxbpMjQ=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1605289733420877,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733420877,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBAB+6D8AAABAQgKxbpMosK5bSM="}
+01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289733421383,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBgB+675AAABAQgKxbpMo8K5bSMWAwECAAEAAfwDA7uZ92OCVBC1xHN5t0YDziRYjgNrfeva8SX+HQQ5ROpDIGM8p3TwGS60madRKYlLsuurfXOUOAhO6IRjgC5z9cQPACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGgAYAAAVanMtYWdlbnQubmV3cmVsaWMuY29tABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACDbqzY6q3LDK4eXjQESdTDrPCFqSpzdCjXjZG6IpYhacgAtAAIBAQArAAsKmpoDBAMDAwIDAQAbAAMCAAL6+gABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1127,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733420828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733421383,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733457928,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733457928,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoisAcZgPgBALMJWdAAABAQgKwrltR8W6TKM="}
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1129,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733421383,"flow_dst_last_pkt_time":1605289733466833,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605289733466833,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+03144{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1135,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733466898,"flow_dst_last_pkt_time":1605289733468841,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289733468841,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}}}
+01963{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1155,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733500742,"flow_dst_last_pkt_time":1605289733511200,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":8749,"midstream":0,"thread_ts_usec":1605289733511200,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":6845.7,"max":45476,"stddev":12150.2,"var":147627232.0,"ent":3.2,"data": [20965,21014,506,37100,8905,1,45476,39,2004,2,1,1,1959,29,12,7,90,33,7803,454,394,31006,1,387,1,22756,38,359,8296,2575,2]},"pktlen": {"min":72,"avg":377.7,"max":1120,"stddev":441.2,"var":194656.5,"ent":4.1,"data": [80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,0,1,1,1],"entropies": [4.809510231,5.143908501,5.203041553,4.540377140,5.064233780,6.870509624,5.058271885,5.230819225,5.230819225,6.720662117,7.193079948,7.346520901,7.621092319,5.230819225,5.137001038,5.203041553,5.175263882,5.649272442,5.175263405,6.019917488,6.380431175,7.094295502,5.064233780,5.064233780,7.049797535,6.150704861,5.203041077,5.203041553,5.667691708,5.008678436,7.799199581,7.796170235]}}
+03147{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1155,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733500742,"flow_dst_last_pkt_time":1605289733511200,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":8749,"midstream":0,"thread_ts_usec":1605289733511200,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"js-agent.newrelic.com","tls": {"version":"TLSv1.2","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}}}
+00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289712203025,"flow_src_last_pkt_time":1605289712203025,"flow_dst_last_pkt_time":1605289712420176,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289712203025,"flow_src_last_pkt_time":1605289712203025,"flow_dst_last_pkt_time":1605289712420176,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289715028550,"flow_dst_last_pkt_time":1605289715083530,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1817,"flow_dst_tot_l4_payload_len":6047,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":74,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289731068178,"flow_dst_last_pkt_time":1605289731068352,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2450,"flow_src_tot_l4_payload_len":1960,"flow_dst_tot_l4_payload_len":47763,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":35,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733369116,"flow_dst_last_pkt_time":1605289733399291,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1420,"flow_dst_tot_l4_payload_len":23429,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
+00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":26,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733513603,"flow_dst_last_pkt_time":1605289733529878,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17914,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media"}}
+00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726574867,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726621964,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726574867,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726621964,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347032,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347032,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715291964,"flow_dst_last_pkt_time":1605289715335666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":3695,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289720502835,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720592524,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289720502835,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720592524,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722610839,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722642415,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722610839,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722642415,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":33,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716200922,"flow_dst_last_pkt_time":1605289716373420,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":31865,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726582828,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726637788,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726582828,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726637788,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":43,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715612656,"flow_dst_last_pkt_time":1605289715612650,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":12420,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":65670,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718372054,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718372054,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":21,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714260622,"flow_dst_last_pkt_time":1605289714262914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":954,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":2837,"flow_dst_tot_l4_payload_len":16750,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142533,"flow_src_last_pkt_time":1605289714258503,"flow_dst_last_pkt_time":1605289714258482,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142600,"flow_src_last_pkt_time":1605289714259836,"flow_dst_last_pkt_time":1605289714259806,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142665,"flow_src_last_pkt_time":1605289714258112,"flow_dst_last_pkt_time":1605289714258039,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714258540,"flow_dst_last_pkt_time":1605289714258483,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714259884,"flow_dst_last_pkt_time":1605289714259808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":29,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733342911,"flow_dst_last_pkt_time":1605289733342856,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":25827,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":30,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289733369025,"flow_dst_last_pkt_time":1605289733391818,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":4693,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714903101,"flow_dst_last_pkt_time":1605289714903940,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":13949,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714251006,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714288932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714251006,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714288932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347050,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347050,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":76,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715710408,"flow_dst_last_pkt_time":1605289715740902,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":16912,"flow_src_tot_l4_payload_len":1197,"flow_dst_tot_l4_payload_len":131805,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250965,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714281312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250965,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714281312,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289710318889,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710576735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289710318889,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710576735,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250997,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714288930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250997,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714288930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":73,"flow_dst_packets_processed":98,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289724655124,"flow_dst_last_pkt_time":1605289724655056,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":12420,"flow_src_tot_l4_payload_len":3465,"flow_dst_tot_l4_payload_len":146662,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":20,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713845515,"flow_dst_last_pkt_time":1605289714059635,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":11154,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714873042,"flow_dst_last_pkt_time":1605289714873010,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":6264,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586992,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728804556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586992,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728804556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":64,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289716450552,"flow_dst_last_pkt_time":1605289716476438,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":7739,"flow_dst_tot_l4_payload_len":31241,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586958,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728804207,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586958,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728804207,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1171,"source":"pinterest.pcap","alias":"nDPId-test","packets-captured":1171,"packets-processed":1171,"total-skipped-flows":0,"total-l4-payload-len":644077,"total-not-detected-flows":0,"total-guessed-flows":16,"total-detected-flows":21,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":302,"global_ts_usec":1605289733529878}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 17657/17657
+~~ packets captured/processed: 1171/1171
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 26490343 bytes
+~~ total layer4 data length..: 644077 bytes
 ~~ total detected protocols..: 21
 ~~ total active/idle flows...: 37/37
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 8061468 bytes
-~~ total memory freed........: 8061468 bytes
-~~ total allocations/frees...: 141732/141732
+~~ total memory allocated....: 7588567 bytes
+~~ total memory freed........: 7588567 bytes
+~~ total allocations/frees...: 125256/125256
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
-~~ json string max len.......: 3511 chars
+~~ json string max len.......: 3510 chars
 ~~ json string avg len.......: 2002 chars
diff --git a/test/results/pluralsight.pcap.out b/test/results/pluralsight.pcap.out
index e67985ef8..407c1bc09 100644
--- a/test/results/pluralsight.pcap.out
+++ b/test/results/pluralsight.pcap.out
@@ -65,9 +65,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6480368 bytes
-~~ total memory freed........: 6480368 bytes
-~~ total allocations/frees...: 122591/122591
+~~ total memory allocated....: 6485313 bytes
+~~ total memory freed........: 6485313 bytes
+~~ total allocations/frees...: 122601/122601
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 496 chars
 ~~ json string max len.......: 2485 chars
diff --git a/test/results/pop3.pcap.out b/test/results/pop3.pcap.out
index 11937ecc6..1963724d6 100644
--- a/test/results/pop3.pcap.out
+++ b/test/results/pop3.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414736 bytes
-~~ total memory freed........: 6414736 bytes
-~~ total allocations/frees...: 122469/122469
+~~ total memory allocated....: 6419641 bytes
+~~ total memory freed........: 6419641 bytes
+~~ total allocations/frees...: 122479/122479
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 1102 chars
diff --git a/test/results/pop3_stls.pcap.out b/test/results/pop3_stls.pcap.out
index df56f8190..3995fc236 100644
--- a/test/results/pop3_stls.pcap.out
+++ b/test/results/pop3_stls.pcap.out
@@ -22,9 +22,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6431569 bytes
-~~ total memory freed........: 6431569 bytes
-~~ total allocations/frees...: 122501/122501
+~~ total memory allocated....: 6436474 bytes
+~~ total memory freed........: 6436474 bytes
+~~ total allocations/frees...: 122511/122511
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2001 chars
diff --git a/test/results/pops.pcapng.out b/test/results/pops.pcapng.out
index 47a146fe9..428ac28d0 100644
--- a/test/results/pops.pcapng.out
+++ b/test/results/pops.pcapng.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418418 bytes
-~~ total memory freed........: 6418418 bytes
-~~ total allocations/frees...: 122445/122445
+~~ total memory allocated....: 6423323 bytes
+~~ total memory freed........: 6423323 bytes
+~~ total allocations/frees...: 122455/122455
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2190 chars
diff --git a/test/results/pps.pcap.out b/test/results/pps.pcap.out
index 8559863a2..a1a246f78 100644
--- a/test/results/pps.pcap.out
+++ b/test/results/pps.pcap.out
@@ -58,6 +58,7 @@
 00852{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":725,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":24,"flow_dst_packets_processed":8,"flow_first_seen":1467353136440165,"flow_src_last_pkt_time":1467353136804834,"flow_dst_last_pkt_time":1467353136804280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":888,"flow_dst_tot_l4_payload_len":8520,"midstream":0,"thread_ts_usec":1467353136804834,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833095,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136833095,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136833095,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1467353136833095,"pkt":"TF4M6gNlABxCjnAxCABFAACIADsAAIARBNXAqHMI2j0nZ1kJRXwAdM6LbABEsXEiUCg6x2bnNgAAAQADAAAAwKhzCAlZCtIsqwEGdAZ0b\/pmQpw8UwQ938xDXiteKyTtmkXcENwQJOknUZ5InkhvdWVRsieyJz3jqlgDTwNPynAfWaJVkHF5+IVd1THVMQGvgGhBFEEU"}
+00907{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":765,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833095,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136833095,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833300,"flow_src_last_pkt_time":1467353136833300,"flow_dst_last_pkt_time":1467353136833300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136833300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136833300,"flow_dst_last_pkt_time":1467353136833300,"flow_idle_time":200000000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1467353136833300,"pkt":"TF4M6gNlABxCjnAxCABFAAA0ADwAAIARiZ7AqHMI0iyrAVkJdAYAIJjSFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833392,"flow_src_last_pkt_time":1467353136833392,"flow_dst_last_pkt_time":1467353136833392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136833392,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -115,6 +116,7 @@
 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1467353136836552,"flow_dst_last_pkt_time":1467353136835425,"flow_idle_time":200000000,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1467353136836552,"pkt":"TF4M6gNlABxCjnAxCABFAACwAE4AAIARA3zAqHMIcimQmVkJKPwAnKXdWYAdDAwuflZsq80qHB0d4ujhuC\/oo6FIkiga8TBMVS4Tp83Nzc3NwMDDw8PDwsLC+Pj4+NjY2JiMjJDSXCwdWxzAmgFq3X\/9zU6MtBnZcQIKHhw9Oj4+NDQ0NDQ0ERAK8vLy8vDw8PDw8PPzJfVMtrYO1WWhbcXFCaFsiYlF7c3lANbQu6q159DFAFA7BwEAAAAAAA=="}
 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136836991,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136836991,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136836991,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1467353136836991,"pkt":"TF4M6gNlABxCjnAxCABFAABQAE8AAIARqA3AqHMItz2nUlkJRXwAPIb+NABEsXHrELXWDJoXvQAAAQACAAAAwKhzCAlZA9IvDBPKg8qD0i8MFMqDyoNyL1uBMFgwWA=="}
+00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136836991,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136836991,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":806,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837135,"flow_src_last_pkt_time":1467353136837135,"flow_dst_last_pkt_time":1467353136837135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136837135,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136837135,"flow_dst_last_pkt_time":1467353136837135,"flow_idle_time":200000000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1467353136837135,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AFAAAIARKHbAqHMI0i8ME1kJg8oAIH8VFYBREBD7616IhB4JtLS0tbW85SWN\/vYN"}
 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837248,"flow_src_last_pkt_time":1467353136837248,"flow_dst_last_pkt_time":1467353136837248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136837248,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -130,10 +132,13 @@
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136837566,"flow_dst_last_pkt_time":1467353136837566,"flow_idle_time":200000000,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1467353136837566,"pkt":"TF4M6gNlABxCjnAxCABFAABJAFMAAIARkAbAqHMI3IKaF1kJjGUANbV3LYBpf3+UhDHn63Fm29raJCQtdHV9SUi43d3d0dGxsfr+\/v5V\/5XV18\/Pz6cA"}
 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136837852,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136837852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136837852,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1467353136837852,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFQAAIARBODAqHMI2j0nV1kJRXwAYC8EWABVcnEAAAAAx2bnNgcAAAAAAAAAFJfHSwLp2roy68F8GXs9tGoAAAAAGAAAAAYAAAANKAICAAAAAwAYAMCocwgJWRcAAAsKAAAAAAAlAfAI8dQdAAAAAA=="}
+00903{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":815,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136837852,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136837852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838051,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136838051,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136838051,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1467353136838051,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFUAAIARCQHAqHMId7yFtlkJRXwAYCbMWABVcnEAAAAA4pCy\/AcAAAAAAAAAFAQbslmKl2DoSDdZBZ9sSucAAAAAAAAAAAYIAAANKAICAAAADQAYAMCocwgJWRcAABIKAAAAAAAlAcgIZPMJAAAAAA=="}
+00906{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":816,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838051,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136838051,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":817,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838171,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136838171,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136838171,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1467353136838171,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFYAAIARp8zAqHMItz2naFkJRXwAYEeGWABVcnEAAAAAyMXU\/wcAAAAAAAAAFADpSP+bPHc9KoW3YGEXtKMAAAAAAAAAAAYIAAANKAIBAAAACAAYAMCocwgJWRcAACUKAAAAAAAlActw35cdAAAAAA=="}
+00905{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838171,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136838171,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1467353136838372,"flow_dst_last_pkt_time":1467353136837566,"flow_idle_time":200000000,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1467353136838372,"pkt":"TF4M6gNlABxCjnAxCABFAABJAFMAAIARkAbAqHMI3IKaF1kJjGUANbV3LYBpf3+UhDHn63Fm29raJCQtdHV9SUi43d3d0dGxsfr+\/v5V\/5XV18\/Pz6cA"}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1467353136838373,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFQAAIARBODAqHMI2j0nV1kJRXwAYC8EWABVcnEAAAAAx2bnNgcAAAAAAAAAFJfHSwLp2roy68F8GXs9tGoAAAAAGAAAAAYAAAANKAICAAAAAwAYAMCocwgJWRcAAAsKAAAAAAAlAfAI8dQdAAAAAA=="}
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1467353136838373,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFUAAIARCQHAqHMId7yFtlkJRXwAYCbMWABVcnEAAAAA4pCy\/AcAAAAAAAAAFAQbslmKl2DoSDdZBZ9sSucAAAAAAAAAAAYIAAANKAICAAAADQAYAMCocwgJWRcAABIKAAAAAAAlAcgIZPMJAAAAAA=="}
@@ -196,7 +201,7 @@
 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1467353142534251,"flow_dst_last_pkt_time":1467353142600485,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353142600485,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5KWdAADMGEM\/KbA7swKhzCABQxSeRl6b7geube1AYACTHuAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144633895,"flow_src_last_pkt_time":1467353144633895,"flow_dst_last_pkt_time":1467353144633895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":293,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144633895,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1467353144633895,"flow_dst_last_pkt_time":1467353144633895,"flow_idle_time":3285032704,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_usec":1467353144633895,"pkt":"ABxCjnAxTF4M6gNlCABFAAFNZb1AADAG6WZ1T1GHwKhzCABQxQsUvd5l87WhOFAYAA4qLgAASFRUUC8xLjEgMzAyIEZvdW5kDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjMzIEdNVA0KQ29udGVudC1MZW5ndGg6IDANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClNldC1Db29raWU6IFY9NjY5Mzg1MTYxNTg4NTA0OTAxMTsgRG9tYWluPW1sdDAxLmNvbTsgRXhwaXJlcz1TYXQsIDAxLUp1bC0yMDE3IDA2OjA1OjM3IEdNVDsgUGF0aD0vDQpMb2NhdGlvbjogaHR0cDovL2NtYy50YW54LmNvbS9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MQ0KDQo="}
-00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144633895,"flow_src_last_pkt_time":1467353144633895,"flow_dst_last_pkt_time":1467353144633895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":293,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144633895,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144633895,"flow_src_last_pkt_time":1467353144633895,"flow_dst_last_pkt_time":1467353144633895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":293,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144633895,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144819974,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144819974,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":390,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":390,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":390,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144819974,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01009{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144819974,"flow_idle_time":3285032704,"pkt_caplen":444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":444,"pkt_l4_len":410,"thread_ts_usec":1467353144819974,"pkt":"TF4M6gNlABxCjnAxCABFAAGuBX9AAIAGQAzAqHMIjM3zQMUyAFBCtQhgUXsfllAYQTeurQAAR0VUIC9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MSBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNClJlZmVyZXI6IGh0dHA6Ly9pbWFnZTEud2Vic2NhY2hlLmNvbS92b2RndWlkZS9pbWFnZXMvdGFvYmFvYWQvdGFvYmFvL3Rhb2Jhby5odG1sDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KQ29va2llOiBjbmE9L2NBSER3UTFtMndDQVhhakNGbzBCbmxmOyBjbmF1aT0xOTgzMTU5NDkzDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiBjbWMudGFueC5jb20NCg0K"}
 01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353144819974,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144819974,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":390,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":390,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":390,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353144819974,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cmc.tanx.com","http": {"url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)","detected_os":"Windows 7"}}}
@@ -355,18 +360,18 @@
 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834770,"flow_src_last_pkt_time":1467353136835528,"flow_dst_last_pkt_time":1467353136834770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00893{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":11,"flow_first_seen":1467353136440165,"flow_src_last_pkt_time":1467353136952179,"flow_dst_last_pkt_time":1467353136908132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":1258,"flow_dst_tot_l4_payload_len":11715,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833940,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136833940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834125,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834293,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834211,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1467353136835425,"flow_src_last_pkt_time":1467353136837502,"flow_dst_last_pkt_time":1467353136835425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833527,"flow_src_last_pkt_time":1467353136833582,"flow_dst_last_pkt_time":1467353136833527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353136483217,"flow_src_last_pkt_time":1467353136483217,"flow_dst_last_pkt_time":1467353136483605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834375,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
+00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837135,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837248,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834031,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353188055799,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -401,10 +406,10 @@
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1467353190062486,"flow_dst_last_pkt_time":1467353189784236,"flow_idle_time":200000000,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1467353190062486,"pkt":"AQBef\/\/6cBiLE+IdCABFAAILI6kAAAER3nDAqAUm7\/\/\/+gdsB2wB92DxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpDYWNoZS1Db250cm9sOm1heC1hZ2U9OTAwDQpTZXJ2ZXI6TWljcm9zb2Z0LVdpbmRvd3MvNi4yIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6MDAyODViYzNjM2JhMjA3MDA3ZTFjM2I3NjIxYzg0NzYNCg0K"}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190110976,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353190110976,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kJVAADMGqbHKbA7bwKhzCABQxUpzStvEq5YvP1AYADaqqAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190110976,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190110976,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190168494,"flow_src_last_pkt_time":1467353190168494,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190168494,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190168494,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353190168494,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPRAADMGJVPKbA7bwKhzCABQxHdtLPipvNGQx1AYAMQhYwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190168494,"flow_src_last_pkt_time":1467353190168494,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190168494,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190168494,"flow_src_last_pkt_time":1467353190168494,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190168494,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_src_last_pkt_time":1467353190178778,"flow_dst_last_pkt_time":1467353187172929,"flow_idle_time":200000000,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353190178778,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAlEAAAERAT3AqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":1467353190235492,"flow_dst_last_pkt_time":1467353190168494,"flow_idle_time":3285032704,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353190235492,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPVAADMGJVLKbA7bwKhzCABQxHdtLPk6vNGSM1AYANYfVAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190634365,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190634365,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -510,9 +515,9 @@
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2549,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1467353201861524,"flow_dst_last_pkt_time":1467353189820488,"flow_idle_time":200000000,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353201861524,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDlEAAAER9S\/AqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_usec":1467353202192448,"pkt":"ABxCjnAxTF4M6gNlCABFKADCuCpAADIG5SVN6ikjwKhzCABQwBY\/zyZ9xn1A6VAYAAIAJQAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtY29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQoNCg=="}
-01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
+01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
 02196{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353202192450,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCtAADIG4NJN6ikjwKhzCABQwBY\/zycXxn1A6VAQAAL1DgAAMjINCgMgCKAEEgH\/MhgIBBDmzNlDGIAKIJuhw6jaKiibocOo2ioNCjllMw0KCuATQVNVIVZQU3oDMAYWRgAAAIAJAACTCQAAeNolVXk01V0bfe51iZApMpZ5zjznco0JmeKSIVNeQzKWkDi4Ggwp6UWG1xCxylQRmd6EyCykZKZ0QwiR4vt933fWOuv8cdbZZ5\/9PPvsM3aGIkkMAEZWqjKV8P\/xCJtSB\/NfKOBwomAIFoTLeF+yLcHOykHRDpzBBXxpwIr2Eh5YEZ6EJCLl8EBQxQO\/OhBpYJqkQwMkvZMEQQA3f4Kc7yWvi\/jwS+HAHykF2jRQpasDRv9DcaOBVd0wDIWCO8DvhxfF8YuBBJwikABIjuCE3RKUjAuHSOCNFAIREAUxUMADmUQDQIgCRPgvVUt9JRlWbNXtK5OpsKHJ8J4LK+EyngYrIxUZVhyAmg4FaJkIoGZU33trc5hjTzGJTtUKB9Mx+T3dfmPXIoQ26EABICX6SsW7hX2KlFgnEwnwoJmVWZtN5T3KOpChrYrh213iQtqdReQAD1v9dk08JJYJFluOWyXS+Qf73GcByDko2exVaBzzKIPoSxuJ8RHb72m1UeUvkD\/v216FhyZVmZihHr7WtrYrgarCACFHcqOl7rTojtTlpFlxAKROdfbFzNGM6rxNqVIdOAHcm\/os5hLXL+tKfHtGi\/HbMZpYdZhMeKP9e3jCaJoGjosfkQ4ZHy19+LLw84guwJwa\/9Ktlu8KY6999xP+Bvj4dedshtyDydKvvvvtpgAl+bo9Df8UGtubKMnkHACwN1E2f0AHkBWdSfPUPXvgqln2dD492SUvokzyVkXQIUBlzVcPHCnc7RZ\/tc8u9KmS7DE4xX62EnoAvc5NZI7V3LhTODiXlfWPiUHKvIWIfwP\/LqADGZnMJDNldpH+uBjbrQapZK+fuOPzW+aAnhW3HhZM585sijetOXliLoa9gCkh9INHCiDXhzXcg\/vpxYIPjRXXRxNKvaI6lu226l8Aivkzy1Ny9ARfXWBlelnoZGwRfmfLmmgZCuiCsz3fuI3zBPjtp6Y5lCjP3ys3qsjmcAREVeoX6HcvcPN3UBngDBwvrmf8LWboGH0E0E1SidB66fcT7RcuptRH0x5\/e5snTfjJ4EFA9CrukkQG\/FZos0p8y8x54czaQvEPHMEPAZX7h0tZs\/DkN\/ReyGJTEQpxaNV6fq6+3gxQd2+SVJO7aPbhn8hRvPDN9bpqNOJ7Zgc7I3K66njSmiFz+dSVFIc2\/1k3fB1jp3XQGqBzSntyXs0dPjnRN5uEu40PrYonyiv7LxhgDJ581+h9hajeR9umb6y\/G1bO8f76fQrKANF5s2vWH3Y1ZL49Vi2gxO84af44zk3gWjsg6clhTdn0aCuv5o1+fJ7HejOvlq9wH7kIM8ZPYWKs58nIykrZmgKpkmDDFgj469W6KSD1DorOyspuG9lyxTo4uS39nIpy1TktrmBA\/sRvhvNBg5FmYRnatdE5Od0m5gLOZ70ogIxyF43qD947ySc4pJOCU6qq7JceMxy26QVEyeI0\/lNvcrsugiCyJrtE\/dIvwhSyroxZcyUhkdxI+4ffajndOqztX68qz1fum6uW2EtV17fJf9FTeneF2Mqb71b7Sm6WLVC5O5MxtNRFe86f6Z1f1L29jwXXUVhj"}
-01065{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192450,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
+01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192450,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
 02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1467353202192451,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353202192451,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCxAADIG4NFN6ikjwKhzCABQwBY\/zywDxn1A6VAQAALrNgAALT11Li5gWvs4BXi1xLjmvfKMj0peVQo7lKJXGpIXNwaIVVnV50PDXh\/nhoec299vHndpLUua\/bqpCOjp7McAoWKOkJJNwfqArWbPME9b6btDGVgV0uzbgys3HrUPZGuULZqVvC9cfPh7y1VrCRATr2jIquLGEs7NUuTFUS2\/94Q2D+b6OEydZRO9cPMEkga3a+5FSfXnzkWP45N4tdwDAY3rKF71DNh9qyHNw3zq0kfntg59U62XHN6AJpW5oqhpNP\/KXicl+wTn90pd\/Ux5pxaNuaTtiVisjsDdqJGttkpWFmkIvcN4O3H7Nh+g88QCys9WSrOYR9T1WklqZUIXO2KozevHqrDRk3FhsvxtYk4AY5OTxXPHL2qjoy\/5\/LCO7z9Q0I1UDJ6H3s55a0u\/YyMnFnPMluUDID6DqRJHSb6OUS7lT\/EU7rwQMeL0oaEabUBfFS+XanJaGDL1BZSIyNomFf0DPsUe3djOS8nPpXOhOL\/zzo0NjXvFjylWLV5uSrIEQBYM8WUnB+X2Q2Wcez+wiFByuVMleIMfXAFk2nK\/2ntwKLyC0FBADi6XZL3qNrjHMTQHSC+dvnacGjv84sTgyPra7k8ik3DBtc1vCpiDd8xq36vyCP\/Ys2QYll2fN6Xbf+94Si8B0K0uar09Ty6DviDBYXt5\/8XpJtEJWzUaGUBbbCEtHIzhk3G2p2itRnzSyt10DUes\/e9jLtGO\/lchukfEfGu5+Y3TxFhX7Hv333wv7QEFPFBprU3t6V4dIS250PFtx3UWkJ\/KX1vB3GhaMaxBrDbzvjhV2WKQ\/Nnv8ZBY9VdRfkCLJV\/HblSMFcUwHxo4IG2hrHP6TmVmYZ8nIHO7sPEv51L3RYhnBGODsvT6Nl8\/uUNtzAC0mRAznmk7IsUW9cl71zuY0pjDL21g4bID6MrMuZm1Md9NHvU392TiT0doM\/mcbpr5kwNIJ4xpVq6TbrnGRECU65QT+3b\/mxQ15tdSgLRxavOq35PnNQqYK5ZOBDF9u2L\/jTZsE\/v5\/BjNF7aLpx8Nx9Ddl+8avs92OeLW3xatFRgatYsqSPdDSCWt\/7DKoHeOQNGej+4sPaab2IT40o+lWkNrHHFVKhXd8C8SlbnU3Y75R26q+3sGFS+RyE6QyJ\/9EgUPSerMv2RjAJ0haqzfaWTRZ1ZgTOEuLBSeWyw\/5ab4eQDQi0DSVpRkK9n7z6c0f+4O2vunGdSrnv5FBBQxLbrd8yHz3RejyafRygtcHHU3GotYO\/8AGow33n2mzZuLfvvluwSNjTr7s9+t1mvnBDTAJ\/w70fY1Tmwt8AmO+R4XaV\/P8kj5BSwxsIQ6s44lL2edfFiPzVM2v9TOk+F5lYNtoawNgI43Hns0wnw00qQhKTaOTYk+\/7rXY0Dy57cX2LbiFl0dMrMNwkSmzc5OOQEillNkcjpMP\/us+nfs+bmsUceWf2FdKzv2OlHy5srMsxLZZ64aGceMbX4ACl2x0Ow5nsH0a2jCfohcp78SJIn9dHE3evNd2nn4FwNTdYtr8pjqtj6OYulAm5wuv5my4xx1pmVWIbK7w519BlDX6tBN7SDWo4cCZLo7HGPFpXlKMdV6PWa68yPUlNYrLHFOnDpF5xk8sJqNdF2omWAwtrP65WUrU3KZ8D62RRrQfwB0KLK2eRd5P3m9hXVnQ6Nq"}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2554,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":3285032704,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1467353202370500,"pkt":"ABxCjnAxTF4M6gNlCABFKABnuC1AADIG5X1N6ikjwKhzCABQwBY\/zzDvxn1A6VAYAAK2BwAAGHlgf4CvXzDNyxhLrqYUmmf6SBgwHBuCF2rQFuhe9Y1hgbwLb15JZ+tTfmuYp\/S8QVNXU2lnMkINCjANCg0K"}
 00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2555,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":5,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":3285032704,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1467353202428117,"pkt":"TF4M6gNlABxCjnAxCABFAAFWNPFAAIAGGfPAqHMITeopI8AWAFDGfUDpP88xLlAYAfC3\/AAAR0VUIC9SL0EzZ0tJRGxqWTJJM09Ea3lNMk5pTVRSbE1UQmlOelJtWkdRM09URTRPRGRoTkRabEVnUUNNQVlXR0tBRUlnSF9LZ2NJQkJEbXpObERLZ2NJQXhDcm5fdEJNZ29JQkJEbXpObERHSUFLT00yUmhGaENJQ3NCNTkzdkt4UTZjVnpBZ0NMX2I5WFdsc0ZRVng3NTRaZ0NIdjFYYVZwMVNJQ0NtQWc9IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NClByYWdtYTogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkhvc3Q6IHN1LmZmLmF2YXN0LmNvbQ0KDQo="}
@@ -596,8 +601,7 @@
 00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833940,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136833940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833940,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136833940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353138931591,"flow_src_last_pkt_time":1467353138931591,"flow_dst_last_pkt_time":1467353139050485,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":653,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":653,"flow_dst_max_l4_payload_len":690,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":690,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00848{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
-00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838051,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136838051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00944{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353165563016,"flow_src_last_pkt_time":1467353165563016,"flow_dst_last_pkt_time":1467353165659884,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":950,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":950,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":950,"flow_dst_tot_l4_payload_len":187,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353144819974,"flow_src_last_pkt_time":1467353144819974,"flow_dst_last_pkt_time":1467353144913514,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":390,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":390,"flow_dst_max_l4_payload_len":229,"flow_src_tot_l4_payload_len":390,"flow_dst_tot_l4_payload_len":229,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00845{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834125,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
@@ -622,16 +626,12 @@
 00847{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353136483217,"flow_src_last_pkt_time":1467353136483217,"flow_dst_last_pkt_time":1467353136483605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353136483217,"flow_src_last_pkt_time":1467353136483217,"flow_dst_last_pkt_time":1467353136483605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1467353189820488,"flow_src_last_pkt_time":1467353201861524,"flow_dst_last_pkt_time":1467353189820488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":665,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00847{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
-00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00846{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
-00759{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136838171,"flow_src_last_pkt_time":1467353136838374,"flow_dst_last_pkt_time":1467353136838171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
+00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136836991,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136836991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834375,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834375,"flow_src_last_pkt_time":1467353136834571,"flow_dst_last_pkt_time":1467353136834375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00845{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
-00758{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00848{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
-00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837852,"flow_src_last_pkt_time":1467353136838373,"flow_dst_last_pkt_time":1467353136837852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
+00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833095,"flow_src_last_pkt_time":1467353136833580,"flow_dst_last_pkt_time":1467353136833095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1467353180830424,"flow_src_last_pkt_time":1467353195837489,"flow_dst_last_pkt_time":1467353180830424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837248,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837248,"flow_src_last_pkt_time":1467353136837503,"flow_dst_last_pkt_time":1467353136837248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -654,18 +654,18 @@
 00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1467353189784236,"flow_src_last_pkt_time":1467353196145488,"flow_dst_last_pkt_time":1467353189784236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":511,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8571,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","packets-captured":2557,"packets-processed":2557,"total-skipped-flows":0,"total-l4-payload-len":2121102,"total-not-detected-flows":34,"total-guessed-flows":2,"total-detected-flows":71,"total-detection-updates":2,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":657,"global_ts_usec":1467353203157237}
+00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","packets-captured":2557,"packets-processed":2557,"total-skipped-flows":0,"total-l4-payload-len":2121102,"total-not-detected-flows":29,"total-guessed-flows":2,"total-detected-flows":76,"total-detection-updates":2,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":657,"global_ts_usec":1467353203157237}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2557/2557
 ~~ skipped flows.............: 0
 ~~ total layer4 data length..: 2121102 bytes
-~~ total detected protocols..: 71
+~~ total detected protocols..: 76
 ~~ total active/idle flows...: 107/107
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6718075 bytes
-~~ total memory freed........: 6718075 bytes
-~~ total allocations/frees...: 127095/127095
+~~ total memory allocated....: 6723964 bytes
+~~ total memory freed........: 6723964 bytes
+~~ total allocations/frees...: 127111/127111
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2220 chars
diff --git a/test/results/pptp.pcap.out b/test/results/pptp.pcap.out
index e2ddaa2c5..2b5f19b7d 100644
--- a/test/results/pptp.pcap.out
+++ b/test/results/pptp.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414490 bytes
-~~ total memory freed........: 6414490 bytes
-~~ total allocations/frees...: 122461/122461
+~~ total memory allocated....: 6419395 bytes
+~~ total memory freed........: 6419395 bytes
+~~ total allocations/frees...: 122471/122471
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 949 chars
diff --git a/test/results/psiphon3.pcap.out b/test/results/psiphon3.pcap.out
index 4fc9678e2..8ad18548b 100644
--- a/test/results/psiphon3.pcap.out
+++ b/test/results/psiphon3.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6420264 bytes
-~~ total memory freed........: 6420264 bytes
-~~ total allocations/frees...: 122509/122509
+~~ total memory allocated....: 6425169 bytes
+~~ total memory freed........: 6425169 bytes
+~~ total allocations/frees...: 122519/122519
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 475 chars
 ~~ json string max len.......: 1940 chars
diff --git a/test/results/punycode-idn.pcap.out b/test/results/punycode-idn.pcap.out
index 712064329..e2d4a40e9 100644
--- a/test/results/punycode-idn.pcap.out
+++ b/test/results/punycode-idn.pcap.out
@@ -29,9 +29,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6415939 bytes
-~~ total memory freed........: 6415939 bytes
-~~ total allocations/frees...: 122481/122481
+~~ total memory allocated....: 6420860 bytes
+~~ total memory freed........: 6420860 bytes
+~~ total allocations/frees...: 122491/122491
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 497 chars
 ~~ json string max len.......: 1059 chars
diff --git a/test/results/quic-23.pcap.out b/test/results/quic-23.pcap.out
index ccaf5b2cb..0ae6d3998 100644
--- a/test/results/quic-23.pcap.out
+++ b/test/results/quic-23.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422508 bytes
-~~ total memory freed........: 6422508 bytes
-~~ total allocations/frees...: 122477/122477
+~~ total memory allocated....: 6427413 bytes
+~~ total memory freed........: 6427413 bytes
+~~ total allocations/frees...: 122487/122487
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2244 chars
diff --git a/test/results/quic-24.pcap.out b/test/results/quic-24.pcap.out
index f5b3e992a..c0cae9810 100644
--- a/test/results/quic-24.pcap.out
+++ b/test/results/quic-24.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422289 bytes
-~~ total memory freed........: 6422289 bytes
-~~ total allocations/frees...: 122472/122472
+~~ total memory allocated....: 6427194 bytes
+~~ total memory freed........: 6427194 bytes
+~~ total allocations/frees...: 122482/122482
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2177 chars
diff --git a/test/results/quic-27.pcap.out b/test/results/quic-27.pcap.out
index b152bc896..ee1233919 100644
--- a/test/results/quic-27.pcap.out
+++ b/test/results/quic-27.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422670 bytes
-~~ total memory freed........: 6422670 bytes
-~~ total allocations/frees...: 122478/122478
+~~ total memory allocated....: 6427575 bytes
+~~ total memory freed........: 6427575 bytes
+~~ total allocations/frees...: 122488/122488
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2317 chars
diff --git a/test/results/quic-28.pcap.out b/test/results/quic-28.pcap.out
index fa92a9cae..3e7a936f8 100644
--- a/test/results/quic-28.pcap.out
+++ b/test/results/quic-28.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6429092 bytes
-~~ total memory freed........: 6429092 bytes
-~~ total allocations/frees...: 122710/122710
+~~ total memory allocated....: 6433997 bytes
+~~ total memory freed........: 6433997 bytes
+~~ total allocations/frees...: 122720/122720
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2120 chars
diff --git a/test/results/quic-29.pcap.out b/test/results/quic-29.pcap.out
index 7e426803c..e22050eda 100644
--- a/test/results/quic-29.pcap.out
+++ b/test/results/quic-29.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422289 bytes
-~~ total memory freed........: 6422289 bytes
-~~ total allocations/frees...: 122472/122472
+~~ total memory allocated....: 6427194 bytes
+~~ total memory freed........: 6427194 bytes
+~~ total allocations/frees...: 122482/122482
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2182 chars
diff --git a/test/results/quic-33.pcapng.out b/test/results/quic-33.pcapng.out
index 1e913e1db..f32931ba7 100644
--- a/test/results/quic-33.pcapng.out
+++ b/test/results/quic-33.pcapng.out
@@ -7,21 +7,20 @@
 01511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456566431,"flow_idle_time":200000000,"pkt_caplen":805,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":805,"pkt_l4_len":751,"thread_ts_usec":1607938456566431,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvAu8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gLvAwKiAAAAAQijB72XkxHdoQg7VxcI2Jvc+0EX7RIgJstg2q\/pC81tAEQflatapq\/RZQEybKUVkOQrHxIiM3xbz3ZbafCyVgp9YFd+JrcvMCpFHqt9ha4UaWT\/CVOhVDMl+x8Qz2Pi7UbhXXzBIpETH8Z7GAVhwJp3720klhijkJwcoDMcJhlagIc47WtHZyC2\/NvYhyD6pe18qYPoUjuwqv+wJE\/ZuFV52ejpLWx76nNhIhGaoM22WiUW2N20UYQh0kubnK8ydedmguDEIxF73mmjfBjQU7d+\/kjc6w69nvaNM1WUtVe+1pIxu53jikC+jWmnb37byYPq9yuXiC3\/7jLmxfDtd9m0NACttAKJA\/JNnc1mj5nC7Y4hcumqIR3HrbC6nuLoYsXX2Zp0f9UgYV0fEqMHvZeTEd2hiKBY6bJdCuJKiCqdgeiTl8HqX5mvvlLWJPlmCEJCqIrxf4AkkUVGE4BSMBWdBgCOEniMLjdilc+qHYhwYNZ7tIGoZF6d6e+Y9Yje+rmHUnbpVz7jAirlBT5H70Gx8i7gxMgFdddmzogwCmelHc7wvmzlC3bbPNEkyFgFvBjt104z4kXXH0FdVNTjvLWqMrMbCISgSyaKcGImnAuSczuqI+IdDAVMV3KZetnbRYTODT0MnkiyhjZS2c2FGhXiSczCoL+nOf5G7u0IMQ1S2B5gWkWA4zkPvuFc+aQWgo\/5D9qUsPB6Q6\/Lj7MI5fOlLauhfzQmW9GNJRpuqdg3\/ZmECJ9z4HnHnfJd1luO6tXDuMawQhxYeD2xpO\/QqBEAH7sAsFTq\/abn1uTe8vqVNYsZRf0hwJAKRW\/BJxg25OGxhUlcywIb3vGZoq+dJmTxYWX\/eqXVDs+dco62ygOlroB9wJoypHt\/D+y7eYcgKaWYE3hnP28kNmmEQuWhfqoLHNJTZas1p5oY5kezaxnU27xSuQXqGdvZdYxhIaICM8EHXUKIOqW8fx5oue03v9+86w=="}
 02470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456566452,"flow_idle_time":200000000,"pkt_caplen":1502,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1502,"pkt_l4_len":1448,"thread_ts_usec":1607938456566452,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBagRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gWoBbtZowe9l5MR3aGoPMUlC8ojkveWDrnmED9W5sa4X9wCktDzDDXCYZSRQMxMbCVxwWOrGcoL7RjNrb\/aR0XYpCUrMVMGYc7NbMVcmFh+U7ptII9ng3LovEtfWD+Vs23WbaIHZ861LaEHA\/O3BXXbVKR+D5AvGegGrVyCDUDTVwsI0xjlHU6np3nq2hUuH8yJbDa8RRLpXgKEnKNLc11Kr0rcxDebjOz1dBKCk6MJE+RaErF7rEtrFcdkqX2anO2s+oQdnjsu5lzh2gt+Pax4A51\/PBeBgwzAMnnreukUaaOMmSVWTRc\/VoG6UCj\/Tagguq1zlSUsuPKfS4A\/Hj9PMCdEQl7Hayptql87eJvYWKvnKSw09TobsgFvbTKw8NsJvq53AE7lTrO3TaA+nGZFRkq+M1ZrN2+BdXW26C2KraejfRHNrX6gAfXr\/p6NjeOzTSfUp6nCX0A3akd5q4pDQzfTm\/ZODmJRSSua6qoJNXn0ZXKLdWfGo2HyscrTneMhF6bQ007r+YHFANXKovRp2EPpw\/UJ\/vmL8V6IY0+HgZbj0\/d8FIx79RtbyabSwl8zeJibsQ1efkYJNgJ++\/KCwNGDs8asJAde9mkZ\/dD1+61ArTNYb49TexSktCvy4pG\/lsRXKxM72Y\/+4TJXT4xFdvuvm+PYjyD61bnMUmH40\/yen\/A\/WgtDFdjYfUH767jw9eFdVWB3ZsqeIHitWtMaap9xJIluBD+y2SxNS2T8mAjyctwWenF7C6shXsh0qrLybxoQ0mpuErDwRdnKd4mSsuqiuoQGfGbICbCc2dii\/7aSWW9g0280LQsrjBCl\/YvBCm88jWP2XY0b7UwDAZYeSSdHwaFhBXowhDhxXzH8R0g9ke2rFjs\/\/TBqq0T\/ZB1XqZLLhRVNSNff9p8XMZhqF6nYP3WZjj1DqFa2r\/223NsQ6wlp7tG634D7micOuvJWURO+AlGXtvI7zygsUz0CgkusaQEP4TAWCgn0lXeK6Jy3aZ6m0zQtfsa2SiY0Pyf1PWTuWCeXEhhqN0+G6HwVWdmaL2uYxjn01+QKvB6cqgjzUHj7ISnkgdtIrQ+jDb3\/YuMI9cxUejbp+0glcdsH4JO3WK3bIkjHXe4nJtvi554x5sT83RqdBEWrCT8Hz8DvHMAfbR+\/XpS4NJ6rIBJZTfZnrcqqNHxc+q5Z3+z9E3mEki3zOsCZbUzk0otiSbbusPTJ7Es\/ZnRISPdeCvvH5UBZA\/ITRUTY11l7ptIDwkxD3Q2fTkbX2WLeZoRV1F5rZs22rukFjdfZFbVimjaztzg6Wex3ilHTBU66\/wagcJ+boiTqvzD9shT8g+9ztRyM6oDrvueAWdlAP374US8GzN2ocd+LWy3Qh0kD76f8cnFVOhNIJ74ji8WV\/lEp7vTYYUDMrlFJm1g2QBxreEzVyyxzw\/kWu2secXUHFiuq\/aLl8lirZilXXB6BKhwYA6VsFx\/wQgXMGW7N576ppMuzN4q3u6+qKsFRgykE6xWMCIu8rfyHPKLU8hwJI\/Un9U+WP4ym96BQBToDbbY5w60F\/Fn+reGqzEXYBrNxFHbTy+34B9XFDXGRJuNXJEdt2xpxpJ4rLfkfhcpUBhpHxNFrGGx2u1ISXuanPkdl0U8p9iUo64xVk85WGi67+\/Po3\/vbJft1SNF4cB9lwe3oY2I+j\/MHJ8WFVg+W3w5clz+ifKEtQv0lEwiQL+Eicb9gfq3tlAR\/Zi7S7qlLM5dHBagD9XgE\/DssV\/nw3KYmdu4Cl7igYDAaGwJ\/prNC9sgv+k4qxakCz31iRthWoHa0gjjPRWdkJJ2NsNi51hPYr48FsvBgPM\/Y\/atiNkibfUawrvmDvK1kNir+duSpeLrnsGaquwEZKhLjOOhl7z2u7XrHBakQNuP2txJ4w+obo1p2YnKmbYM="}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1607938456566937,"flow_dst_last_pkt_time":1607938456566452,"flow_idle_time":200000000,"pkt_caplen":115,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":115,"pkt_l4_len":61,"thread_ts_usec":1607938456566937,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwAD0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwA9AFCoAAAAAQg7VxcI2Jvc+wijB72XkxHdoUAcmTt8MUVh5MfFjPiR6HrZ0x4AXuWw5hgay8870A=="}
-02349{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456569390,"flow_dst_last_pkt_time":1607938456569730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3531,"flow_dst_tot_l4_payload_len":26643,"midstream":0,"thread_ts_usec":1607938456569730,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":391.5,"max":3446,"stddev":792.0,"var":627294.4,"ent":3.2,"data": [2813,127,21,3446,599,267,22,367,71,407,38,1140,1379,530,25,290,50,285,35,19,16,16,16,16,15,17,16,46,17,16,16]},"pktlen": {"min":101,"avg":990.9,"max":1488,"stddev":605.0,"var":366070.2,"ent":4.6,"data": [1280,1280,791,1488,101,103,195,103,1280,1280,359,1488,487,231,103,103,103,103,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488]},"bins": {"c_to_s": [0,4,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0],"s_to_c": [0,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,15,0,0]},"directions": [0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [7.803868771,7.809453964,7.636795044,7.827753067,4.482279301,4.907669544,6.029671192,4.876163006,7.831148624,7.774451256,7.038985729,7.835481644,7.443472862,6.574716568,4.842088223,4.868834019,4.744999409,4.934416294,7.840272427,7.834603786,7.829602718,7.819114208,7.856932640,7.836608410,7.829055309,7.839015007,7.837625027,7.848807812,7.847033501,7.843163967,7.839411736,7.808558464]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":99,"flow_dst_packets_processed":893,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456578110,"flow_dst_last_pkt_time":1607938456578127,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":8598,"flow_dst_tot_l4_payload_len":1270620,"midstream":0,"thread_ts_usec":1607938456578127,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","packets-captured":992,"packets-processed":992,"total-skipped-flows":0,"total-l4-payload-len":1279218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1607938456578127}
+01175{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456567204,"flow_dst_last_pkt_time":1607938456567051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":3470,"midstream":0,"thread_ts_usec":1607938456567204,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"quic-33.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":4902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1607938456567204}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 992/992
+~~ packets captured/processed: 7/7
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 1279218 bytes
+~~ total layer4 data length..: 4902 bytes
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6450688 bytes
-~~ total memory freed........: 6450688 bytes
-~~ total allocations/frees...: 123449/123449
+~~ total memory allocated....: 6427028 bytes
+~~ total memory freed........: 6427028 bytes
+~~ total allocations/frees...: 122474/122474
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2475 chars
-~~ json string avg len.......: 1477 chars
+~~ json string avg len.......: 1471 chars
diff --git a/test/results/quic-34.pcap.out b/test/results/quic-34.pcap.out
index c29ceb91e..a16db95d7 100644
--- a/test/results/quic-34.pcap.out
+++ b/test/results/quic-34.pcap.out
@@ -16,9 +16,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422138 bytes
-~~ total memory freed........: 6422138 bytes
-~~ total allocations/frees...: 122461/122461
+~~ total memory allocated....: 6427043 bytes
+~~ total memory freed........: 6427043 bytes
+~~ total allocations/frees...: 122471/122471
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2422 chars
diff --git a/test/results/quic-fuzz-overflow.pcapng.out b/test/results/quic-fuzz-overflow.pcapng.out
index df5970186..af58dfa9c 100644
--- a/test/results/quic-fuzz-overflow.pcapng.out
+++ b/test/results/quic-fuzz-overflow.pcapng.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411747 bytes
-~~ total memory freed........: 6411747 bytes
-~~ total allocations/frees...: 122436/122436
+~~ total memory allocated....: 6416652 bytes
+~~ total memory freed........: 6416652 bytes
+~~ total allocations/frees...: 122446/122446
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 505 chars
 ~~ json string max len.......: 3054 chars
diff --git a/test/results/quic-mvfst-22.pcap.out b/test/results/quic-mvfst-22.pcap.out
index 5a5bcbd73..af43cf6d4 100644
--- a/test/results/quic-mvfst-22.pcap.out
+++ b/test/results/quic-mvfst-22.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6436077 bytes
-~~ total memory freed........: 6436077 bytes
-~~ total allocations/frees...: 122947/122947
+~~ total memory allocated....: 6440982 bytes
+~~ total memory freed........: 6440982 bytes
+~~ total allocations/frees...: 122957/122957
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2164 chars
diff --git a/test/results/quic-mvfst-22_decryption_error.pcap.out b/test/results/quic-mvfst-22_decryption_error.pcap.out
index 2cef5cc27..2c6950501 100644
--- a/test/results/quic-mvfst-22_decryption_error.pcap.out
+++ b/test/results/quic-mvfst-22_decryption_error.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6432063 bytes
-~~ total memory freed........: 6432063 bytes
-~~ total allocations/frees...: 122808/122808
+~~ total memory allocated....: 6436968 bytes
+~~ total memory freed........: 6436968 bytes
+~~ total allocations/frees...: 122818/122818
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 515 chars
 ~~ json string max len.......: 2148 chars
diff --git a/test/results/quic-mvfst-27.pcapng.out b/test/results/quic-mvfst-27.pcapng.out
index 53d70479e..a3ba98bc6 100644
--- a/test/results/quic-mvfst-27.pcapng.out
+++ b/test/results/quic-mvfst-27.pcapng.out
@@ -16,9 +16,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422437 bytes
-~~ total memory freed........: 6422437 bytes
-~~ total allocations/frees...: 122477/122477
+~~ total memory allocated....: 6427342 bytes
+~~ total memory freed........: 6427342 bytes
+~~ total allocations/frees...: 122487/122487
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 2237 chars
diff --git a/test/results/quic-mvfst-exp.pcap.out b/test/results/quic-mvfst-exp.pcap.out
index fb0a39978..6c9838db2 100644
--- a/test/results/quic-mvfst-exp.pcap.out
+++ b/test/results/quic-mvfst-exp.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422730 bytes
-~~ total memory freed........: 6422730 bytes
-~~ total allocations/frees...: 122487/122487
+~~ total memory allocated....: 6427635 bytes
+~~ total memory freed........: 6427635 bytes
+~~ total allocations/frees...: 122497/122497
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 499 chars
 ~~ json string max len.......: 2191 chars
diff --git a/test/results/quic-v2-01.pcapng.out b/test/results/quic-v2-01.pcapng.out
index 969443e75..a257feac4 100644
--- a/test/results/quic-v2-01.pcapng.out
+++ b/test/results/quic-v2-01.pcapng.out
@@ -7,21 +7,20 @@
 01455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1643108746209343,"flow_dst_last_pkt_time":1643108746211597,"flow_idle_time":200000000,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1643108746211597,"pkt":"CgAnAAAACAAnfrFjCABFAgLwAoEAAEARg2LAqDjGwKg4ARFbhbUC3F+UvXCaUMQIS6wx1HkzRzII64iRQkuUIpxBBHClZrSkXwcilginpQcYrC6+gYqStd9rEPJAVa\/X+ectxL4RSmYFqLCVrwpVh1cagxhOComdCEfuthVLRVGijz0VZq73gJfVJDTIt9AqzDxtaVsVpsxn9nkBr8pmVajuM19igvEhLOOlSEyBeUeB0DFdaZHW2\/JO3NISTHIWsZrZsFMVLd9gHsuxJ1cw3ZhmXfOm4UQbO0gsJiSVP1hEVffenYC7rMaAhCUYN9+RJxV5yNtMPMGyD3sgFiZTkHnxcTLuuCOpBBBkbts\/gMCM9IZChkDacnOh2OF9\/ohY3MEFlrim9kn0Lkww\/L7utDiRt6G4nl7rnCzjkcY3xLHSfS\/UQGApX0usMdR5M0cyG4HtNIk9Hu3yusEW1qJhexs\/jd2MFqPbzXoJkoBqBRJp9qv7uPIeaJrkQv0lZW4FoaNVZAxaKV+W4vwOyfLLLUAqbD+eP0q2akwmVXy9Y8QV3RpHIAEJdYstRBWUkoiGbfH\/tn+FdXpRyxXFod1a\/iZeqISyuYA2sKP1DJjEFrTzbkdHxX2JNiQQ2tZ+ApMfsQ0Q3QHD6f2C+xRLtvPcLqXP7RxXsRrD38p085fQ2lzG5FGYGgbhRGLwEvS2xYmIc5SWcIMn4zDkXXhhptIlqESYssWwykAjHZI2+hUtqOdrCizJkWiDODkpCMdaXGRR20dzaKQXdlriwcHLV5d1GvkCwMjcqS+C3ysNw8ltkxZbJAw3X1KjTK669DDz0zSittHV41nQk4SLHBtK3xCfytcsQ2Woqekdb3A1Hgo2e8QMTF4S4OsVjiekXWM847U9xQtRGGBIxOeuuzZN2uX3hL9UxceXknbMIBuTtD1iz9sd5bcqUQJpjX4\/iuJ0SwzD3dHw3Uy0h7w+q864l4fPWvhkeXfYvfcT+Icqi6TMXyciH2pSvVxaT4WJf32OcA=="}
 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1643108746209343,"flow_dst_last_pkt_time":1643108746211682,"flow_idle_time":200000000,"pkt_caplen":1482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1482,"pkt_l4_len":1448,"thread_ts_usec":1643108746211682,"pkt":"CgAnAAAACAAnfrFjCABFAgW8AoFAAEARQJbAqDjGwKg4ARFbhbUFqI0nEkusMdR5M0cyUpL4ZEfPztFtyLjmn2OmmoOFNihMWWsesMFw5n967LEm+U3F1uIrGZ0+nI8gtSwIGlvtB7ID4MWl0\/sKo6dJMBAeD57sxq0Oayabd1KlwiN10yh\/lQsJ0WOzzrm0LkCUF0ZMAUZMnLg8kuMWojNNQsvBrKLfU+tRhcnqu5dWR6dkognrfPhvriPMev8kvxSERNYITnmyr\/Vj0lQ3Lx1OSoUwuH9UikPayEFWeIlxL\/9mUctbH27V9V5RXXACqkFSDRHmyA9Af9PzcJsGp2goFLbS2skjjq5zwCxOPwp6R3z8pKzorOMrwrmv7WYussG\/efhBdnvWktRXUkzyT8N9JwgHNZ8\/jHQsQwNAccN3K+RA\/f+si+jq8d4RM+bG0Ab0FtBoQ5aFdS9\/ipxRMBwZ\/4S7jjeypdIPtYoSGM1ZSYwAxLp2kwjjJcewznycRPLgd0A1IRVhlVkO9l0U0wHgGXR\/D61+xhek5SxoxmrGJl1hjy5kr82WfEAAFXyrMq7BX6fBj8clHq84w6pQSauITzwo7DG9IrYKrVc4LiQ19RUaCWpailMJo1wcFqvDzRDvpeUZGB0QZBT70Lb9xmAs6Ol5T0NQKqa1oa8psf74AsTulLnaAgWGmNzjjQShJHej24o8PRfgHt78Xxv4rdGm1\/iXw77JnZvcVWyvrJTNa4I93FEy\/REJKgi\/7hcLUwqmNRzzyuojqjZLwx8sx+h2cxCJp40aaZycR4zh0tQE6nbWJ5wgso3oMhXgX\/1ZuMGzUkjWN1f7w\/ShlmtJPc2knxrMU9QtvoenM6ssQk+\/y+1cruKFuCZhw3iZYpWCRAPgLVAaY8Ee8Gr383OWR\/7ZHsOAqImgLnvJvmnAcix4d6u9irVP2yhJ6ROGdIqv1PornUwpbZ8ZTlMxxrHQA42+iQ5Mh32Q0IP9D3k8o7uZGcAkthNmWpQ5jq9bTQ3mfcR\/mTivMKEwNTjjC+sirvHBzwrOQiwehGRQHXDFk+aoCubcKx3FJGUbRMzNB87DV0ngV4Pbd55MDt6RDNulQu5AD\/BClZDPfBNrmcr4HGYeuyGnjx1hgj\/OMyZOI9ln6YnJrCsn6oVmrnqk44TG37ssa5Q4zvWr5Q5rzQNR3P9LAdMR3ZcyHZWKDCZl1cgg3Prk01pN2o+i9ik4qN3rPstzLqMkzOWWJRrT9QhoHnTTJt8c5opVY3+emW9zzYlRMJ55g5GYXwpGP9g34+a3U3VnEZJjnF9PO6bjwpxD9Wzz+6YiCiQfwmdXSCSs64quqrKE6rcS9PvrJTJlSOnloP+g2d3gYruYcFWT3cViWz8doO5GxOwTren5yAFY1kGBx6irxXH9fHonSiPc9RwdRG9GpGoU3s+AxvaAgFCxiHjvkBNFa1SeNZQk7TSTnxRDGMjbUBd4AgaCZEpNcBucB3YN\/50Mr9f6Bd1wkdvdth\/A8uXvnWT5kvfRarqRvG0+A2mhDu3pRM1Mtnn8pu7YCYktWSm1OLNAav0CC4fYZtyeCYfmf9BiWMrxjxCn5TYcBOojL5g2dOdoTEn7msrw4IQmwkRGeCp4c+VN9x4jfY4a8Zy2N1UQZnnrxZ5Q8icUtrSepZjGmrDjffnXobpxliaShUeHU2k8kNaL7calnulR0hb0oGOdxz4KiMhNsGkBYso2lSUqmEDbNVLSDWXRB0cLEv1digmlFgKRAQIDtZLAn+ibCCw09yMKIiYcVdAGIdy6j+\/9ZNpgXI5zYb0PqgcnzS4eBrBw6d0OWGIQDMMdZWKmBR43iOhEKKxl76O983KsCSYQkFRi8Y3nVn+9iWClnRpE+3KTZ\/DUCTGZspUZ\/GmuH9\/T+A6RqfbywI255m+xu3eTaeIkujWrOIf6iHv91LnDZ6C7L9hofo9MHE7URqWsGtKdzc+E"}
 01022{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643108746211954,"flow_dst_last_pkt_time":1643108746211682,"flow_idle_time":200000000,"pkt_caplen":445,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":445,"pkt_l4_len":411,"thread_ts_usec":1643108746211954,"pkt":"CAAnfrFjCgAnAAAACABFAgGvYl9AAEAR5MTAqDgBwKg4xoW1EVsBmz5ls3CaUMQI64iRQkuUIpwIS6wx1HkzRzJAQ9W7Qo8JSqPHu5UetgBZ+G+F+PNBvNHmDjU4Gty6wD1UyvH7nGF4pEBOgkeo5VeOuUKm8qL\/TNC9KBFGuniKENfZCSd864iRQkuUIpyjmHuMOysfEuZjeLyV094Drxz8MVPGVROrKsTAkjtE0yC5YY6ZSVNFNgp5kqs2Muf+s51bnbWzYymvTeQ\/zVrijJ+7w6DXN3d2fs6W92DMyFrpTroo1dyvVTh7S7XIndvXZXZXBzgFmkj6LEXFRxbjJOPzxeU3q2WKKXIokx0hMHAdGYeSukRR0vYtEC58yJOelKEBm9mkmgGPkCZFqL1tf0cZFNEWFcjBhTm91XlwiOBDc6EgdAbNKECsJJuUQ6YpwWe+0W1Pi1Euz9DqCxySb6O9SwApazl\/KWn1MLVUomm86efh3fd9n0wLg+O4XO6A4pJd37CGxQOV\/ZNhJ4Nq6CONXenojzzkTgLwyX2cl10T+pqO96dv\/Xv9+zq6yb1i9sGQOWqQEzCW14DOZw=="}
-02352{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1643108746209343,"flow_src_last_pkt_time":1643108746213653,"flow_dst_last_pkt_time":1643108746213782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3681,"flow_dst_tot_l4_payload_len":28445,"midstream":0,"thread_ts_usec":1643108746213782,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":282.2,"max":2611,"stddev":585.9,"var":343297.1,"ent":3.2,"data": [2220,34,85,2611,15,161,480,75,75,407,511,344,364,20,7,7,7,5,8,6,304,236,17,5,4,4,3,7,5,393,329]},"pktlen": {"min":83,"avg":1031.9,"max":1468,"stddev":592.8,"var":351417.0,"ent":4.7,"data": [1280,1280,752,1468,431,1468,211,83,83,467,83,83,211,1468,1468,1468,1468,1468,1468,1468,1468,83,1468,1468,1468,1468,1468,1468,1468,1468,83,1468]},"bins": {"c_to_s": [0,4,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0],"s_to_c": [0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,18,0,0]},"directions": [0,1,1,1,0,0,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,0,1],"entropies": [7.859164715,7.830483913,7.691216469,7.861833572,7.535028458,7.857851028,7.014661312,5.904921532,5.971303463,7.551024437,6.091784954,5.908110142,7.010611057,7.856127262,7.862607956,7.865868568,7.851809502,7.870316029,7.876718044,7.846899033,7.842083454,5.832632065,7.868857384,7.869379997,7.866369724,7.853280067,7.852721214,7.849537849,7.868902206,7.856405258,5.923110962,7.879580021]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":923,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":889,"flow_first_seen":1643108746209343,"flow_src_last_pkt_time":1643108746226518,"flow_dst_last_pkt_time":1643108746226632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":5301,"flow_dst_tot_l4_payload_len":1267919,"midstream":0,"thread_ts_usec":1643108746226632,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":923,"source":"quic-v2-01.pcapng","alias":"nDPId-test","packets-captured":923,"packets-processed":923,"total-skipped-flows":0,"total-l4-payload-len":1273220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1643108746226632}
+01199{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1643108746209343,"flow_src_last_pkt_time":1643108746212205,"flow_dst_last_pkt_time":1643108746212237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3333,"flow_dst_tot_l4_payload_len":3910,"midstream":0,"thread_ts_usec":1643108746212237,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"quic-v2-01.pcapng","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":7243,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643108746212237}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 923/923
+~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 1273220 bytes
+~~ total layer4 data length..: 7243 bytes
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6448789 bytes
-~~ total memory freed........: 6448789 bytes
-~~ total allocations/frees...: 123380/123380
+~~ total memory allocated....: 6427217 bytes
+~~ total memory freed........: 6427217 bytes
+~~ total allocations/frees...: 122477/122477
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 497 chars
 ~~ json string max len.......: 2431 chars
-~~ json string avg len.......: 1458 chars
+~~ json string avg len.......: 1452 chars
diff --git a/test/results/quic.pcap.out b/test/results/quic.pcap.out
index 1e03dd8d1..be2e2b001 100644
--- a/test/results/quic.pcap.out
+++ b/test/results/quic.pcap.out
@@ -69,7 +69,7 @@
 02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1463075953340612,"flow_dst_last_pkt_time":1463075953334963,"flow_idle_time":200000000,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463075953340612,"pkt":"6HTmLPTkABlmWmaMCABFAAViaURAAEARXyjAqAFt2DrSzomkAbsFTjuODLy767UFbXetA5AoC1nXMuDNsryepwFAAgFLEgEA4JgAAAYAAqQBAAQABENITE8bAAAAUEFEAAQBAABTTkkAEwEAAFNUSwBPAQAAU05PAIcBAABWRVIAiwEAAENDUwCbAQAATk9OQ7sBAABNU1BDvwEAAEFFQUTDAQAAVUFJROQBAABTQ0lE9AEAAFRDSUT4AQAAUERNRPwBAABTUkJGAAIAAElDU0wEAgAATk9OUCQCAABQVUJTRAIAAFNDTFNIAgAAS0VYU0wCAABYTENUVAIAAENTQ1RUAgAAQ09QVFgCAABDQ1JUcAIAAElSVFR0AgAAQ0VUVhgDAABDRkNXHAMAAFNGQ1cgAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS13d3cueW91dHViZS5jb20t19AYB5aaMKurHRM81LpDG06F1\/HgjIAXnLSYHoaRDG+YCx4gYrs3k43pE\/W5utsyegd0CLIV4fasqoZkRpVLMtnpS+sIRqrbfvgjIL2IUeZTlSGu\/7+bU4Z+Ij1vgEEcToZ\/00OYAYgC+05liNl+ov97hVEwMzB7Junn5Fxx\/wHogWCSkhroVzTEcRLFzd0SOKzq+zk+mmsJWuphk1V0lOwLwQaCtEVkAAAAQ0MyMENocm9tZS81MC4wLjI2NjEuMTAyIExpbnV4IHg4Nl82NFhgpTo7WDSB35ohydGxhV8AAAAAWDUwOQAAEAAeAAAAC\/h+hADy9UF9DtF\/5hsJflX9lpR4jxEZW13eD4Inz\/77x5rVwibkGp1mguQM3JFnP0\/pCunhZLgVQuGPzw\/mMQEAAABDMjU1Ve9eTSHF9WVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrQX4AAJnjbhk5TD\/ODs2TqaUMwxu67ShCzPfkFA65FbK21znR0q1zZidLzW\/F\/yyTMu4LUplgEwTzPx\/Cpv4QFsRjD5LoV\/V7mHtXI1TyJDoDCcXS9mjq9LGSRD7btROYRgpKlFbMNj4+UHP+JESXYYf+R4+5w3QLECQuncXrEDewfoYOi6pFY4l4uH9PvKDYgLdn8764cGh2cFKSvAnNt\/t5JO7XvJ40AADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 02166{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":481,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075954259331,"flow_dst_last_pkt_time":1463075954259852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3706,"flow_dst_tot_l4_payload_len":22849,"midstream":0,"thread_ts_usec":1463075954259852,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":61937.4,"max":828641,"stddev":198595.2,"var":39440068608.0,"ent":2.0,"data": [565,35358,43,40485,132,24017,25957,16828,62,532,35459,51659,446,11,26638,25576,828641,25,803246,620,371,204,811,210,360,238,291,204,540,286,244]},"pktlen": {"min":61,"avg":857.8,"max":1378,"stddev":620.8,"var":385421.5,"ent":4.5,"data": [1378,373,1378,1378,1378,369,65,68,1378,61,61,71,1378,1378,1174,68,65,1378,1378,68,1378,1378,1378,68,1378,68,1378,1378,1378,68,1378,1378]},"bins": {"c_to_s": [0,8,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,16,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,0,1,1,1,0,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,1,1],"entropies": [5.050794601,7.427186489,7.589700222,2.645882607,5.424244404,7.418235779,5.309068680,5.493865013,7.858019829,5.512544155,5.545331001,5.716576576,7.892964363,7.881204605,7.816042900,5.554157257,5.641524315,7.888419628,7.861907005,5.675695419,7.860325336,7.873119831,7.856549263,5.635182381,7.861664295,5.694005013,7.863921165,7.839401245,7.861547947,5.558049202,7.862613201,7.852869511]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1463060980356958,"flow_src_last_pkt_time":1463060980457563,"flow_dst_last_pkt_time":1463060980449085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2740,"flow_dst_tot_l4_payload_len":2737,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00846{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463060980313862,"flow_src_last_pkt_time":1463060980404996,"flow_dst_last_pkt_time":1463060980377579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Unrated"}}
+00923{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463060980313862,"flow_src_last_pkt_time":1463060980404996,"flow_dst_last_pkt_time":1463060980377579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}}
 00758{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463060980313862,"flow_src_last_pkt_time":1463060980404996,"flow_dst_last_pkt_time":1463060980377579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463060980349794,"flow_src_last_pkt_time":1463060980446140,"flow_dst_last_pkt_time":1463060980419797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1387,"flow_dst_tot_l4_payload_len":1350,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1463060980336240,"flow_src_last_pkt_time":1463060980436239,"flow_dst_last_pkt_time":1463060980427767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":2737,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
@@ -77,7 +77,7 @@
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":44,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075954280999,"flow_dst_last_pkt_time":1463075954300949,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4226,"flow_dst_tot_l4_payload_len":51309,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463060980378719,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980460459,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":1350,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1463060980364728,"flow_src_last_pkt_time":1463060980449696,"flow_dst_last_pkt_time":1463060980446842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":2700,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","packets-captured":518,"packets-processed":518,"total-skipped-flows":0,"total-l4-payload-len":326810,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1463075954300949}
+00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","packets-captured":518,"packets-processed":518,"total-skipped-flows":0,"total-l4-payload-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1463075954300949}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 518/518
 ~~ skipped flows.............: 0
@@ -86,9 +86,9 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6443225 bytes
-~~ total memory freed........: 6443225 bytes
-~~ total allocations/frees...: 123061/123061
+~~ total memory allocated....: 6448202 bytes
+~~ total memory freed........: 6448202 bytes
+~~ total allocations/frees...: 123071/123071
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2310 chars
diff --git a/test/results/quic046.pcap.out b/test/results/quic046.pcap.out
index 62dd5071b..f2b6c4bfe 100644
--- a/test/results/quic046.pcap.out
+++ b/test/results/quic046.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414694 bytes
-~~ total memory freed........: 6414694 bytes
-~~ total allocations/frees...: 122537/122537
+~~ total memory allocated....: 6419599 bytes
+~~ total memory freed........: 6419599 bytes
+~~ total allocations/frees...: 122547/122547
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2286 chars
diff --git a/test/results/quic_0RTT.pcap.out b/test/results/quic_0RTT.pcap.out
index 4779c71d2..e99d8057b 100644
--- a/test/results/quic_0RTT.pcap.out
+++ b/test/results/quic_0RTT.pcap.out
@@ -23,9 +23,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6437394 bytes
-~~ total memory freed........: 6437394 bytes
-~~ total allocations/frees...: 122508/122508
+~~ total memory allocated....: 6442307 bytes
+~~ total memory freed........: 6442307 bytes
+~~ total allocations/frees...: 122518/122518
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2177 chars
diff --git a/test/results/quic_crypto_aes_auth_size.pcap.out b/test/results/quic_crypto_aes_auth_size.pcap.out
index 7eaf2efae..6a197642f 100644
--- a/test/results/quic_crypto_aes_auth_size.pcap.out
+++ b/test/results/quic_crypto_aes_auth_size.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6438544 bytes
-~~ total memory freed........: 6438544 bytes
-~~ total allocations/frees...: 122493/122493
+~~ total memory allocated....: 6443457 bytes
+~~ total memory freed........: 6443457 bytes
+~~ total allocations/frees...: 122503/122503
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 510 chars
 ~~ json string max len.......: 2328 chars
diff --git a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out
index 9efdbf3b9..3ca0b4b43 100644
--- a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out
+++ b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6436776 bytes
-~~ total memory freed........: 6436776 bytes
-~~ total allocations/frees...: 122482/122482
+~~ total memory allocated....: 6441681 bytes
+~~ total memory freed........: 6441681 bytes
+~~ total allocations/frees...: 122492/122492
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 520 chars
 ~~ json string max len.......: 2224 chars
diff --git a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
index fe4ee8a25..7de6478b2 100644
--- a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
+++ b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
@@ -673,9 +673,9 @@
 ~~ total active/idle flows...: 113/113
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 8310219 bytes
-~~ total memory freed........: 8310219 bytes
-~~ total allocations/frees...: 126555/126555
+~~ total memory allocated....: 8316020 bytes
+~~ total memory freed........: 8316020 bytes
+~~ total allocations/frees...: 126565/126565
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 535 chars
 ~~ json string max len.......: 2366 chars
diff --git a/test/results/quic_interop_V.pcapng.out b/test/results/quic_interop_V.pcapng.out
index 1ab27fac0..0ac329c10 100644
--- a/test/results/quic_interop_V.pcapng.out
+++ b/test/results/quic_interop_V.pcapng.out
@@ -447,9 +447,9 @@
 ~~ total active/idle flows...: 77/77
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7195520 bytes
-~~ total memory freed........: 7195520 bytes
-~~ total allocations/frees...: 124847/124847
+~~ total memory allocated....: 7201033 bytes
+~~ total memory freed........: 7201033 bytes
+~~ total allocations/frees...: 124857/124857
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 501 chars
 ~~ json string max len.......: 2203 chars
diff --git a/test/results/quic_q39.pcap.out b/test/results/quic_q39.pcap.out
index 316c07e1e..0c480c6fc 100644
--- a/test/results/quic_q39.pcap.out
+++ b/test/results/quic_q39.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413532 bytes
-~~ total memory freed........: 6413532 bytes
-~~ total allocations/frees...: 122497/122497
+~~ total memory allocated....: 6418437 bytes
+~~ total memory freed........: 6418437 bytes
+~~ total allocations/frees...: 122507/122507
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2309 chars
diff --git a/test/results/quic_q43.pcap.out b/test/results/quic_q43.pcap.out
index c82ef1f27..5ccdad372 100644
--- a/test/results/quic_q43.pcap.out
+++ b/test/results/quic_q43.pcap.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411804 bytes
-~~ total memory freed........: 6411804 bytes
-~~ total allocations/frees...: 122438/122438
+~~ total memory allocated....: 6416709 bytes
+~~ total memory freed........: 6416709 bytes
+~~ total allocations/frees...: 122448/122448
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2285 chars
diff --git a/test/results/quic_q46.pcap.out b/test/results/quic_q46.pcap.out
index 64df53867..448650075 100644
--- a/test/results/quic_q46.pcap.out
+++ b/test/results/quic_q46.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412370 bytes
-~~ total memory freed........: 6412370 bytes
-~~ total allocations/frees...: 122457/122457
+~~ total memory allocated....: 6417275 bytes
+~~ total memory freed........: 6417275 bytes
+~~ total allocations/frees...: 122467/122467
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2312 chars
diff --git a/test/results/quic_q46_b.pcap.out b/test/results/quic_q46_b.pcap.out
index 4e1910e65..add08db32 100644
--- a/test/results/quic_q46_b.pcap.out
+++ b/test/results/quic_q46_b.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412372 bytes
-~~ total memory freed........: 6412372 bytes
-~~ total allocations/frees...: 122457/122457
+~~ total memory allocated....: 6417277 bytes
+~~ total memory freed........: 6417277 bytes
+~~ total allocations/frees...: 122467/122467
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 2381 chars
diff --git a/test/results/quic_q50.pcap.out b/test/results/quic_q50.pcap.out
index 7d0e9cc8e..4209c96e5 100644
--- a/test/results/quic_q50.pcap.out
+++ b/test/results/quic_q50.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422687 bytes
-~~ total memory freed........: 6422687 bytes
-~~ total allocations/frees...: 122476/122476
+~~ total memory allocated....: 6427592 bytes
+~~ total memory freed........: 6427592 bytes
+~~ total allocations/frees...: 122486/122486
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2312 chars
diff --git a/test/results/quic_t50.pcap.out b/test/results/quic_t50.pcap.out
index 33f12fa38..599149611 100644
--- a/test/results/quic_t50.pcap.out
+++ b/test/results/quic_t50.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422474 bytes
-~~ total memory freed........: 6422474 bytes
-~~ total allocations/frees...: 122470/122470
+~~ total memory allocated....: 6427379 bytes
+~~ total memory freed........: 6427379 bytes
+~~ total allocations/frees...: 122480/122480
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2317 chars
diff --git a/test/results/quic_t51.pcap.out b/test/results/quic_t51.pcap.out
index a03bc5ff3..0bfbe3db0 100644
--- a/test/results/quic_t51.pcap.out
+++ b/test/results/quic_t51.pcap.out
@@ -7,22 +7,20 @@
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434419300,"flow_idle_time":200000000,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434482713,"pkt":"AAAAAAAAAAgAH83gCABFAAViXl9AAH8R7F2744iY0\/eTWtg8AbsFTtamzVQwNTEI\/5QVtbAFhg0AAEU0KsIg8w2st8fMy25uq6gsPA7KRO4wWARaQxn0e+nvMAG\/ncVOK2\/1iV8zM1GT+gj2yfRnYitTLViCwPF0TV0R7p64xnLqwrHTiNaW89JgMAHQze00LP7FiTbOvqpo5S+7AzCO4J36LH8gasnIPNye5ytyGP9hxarM0Gwv6wB1BKIgh6Hfi9vN\/Jaq\/hKaWtnsFyqFx21T1U0YmQzCOhcYGHZNHNGEmxqlfOiET0cy7A2zooythTNQBScefWz4fyugA0KO5z5EPbOCuLPnOhJ8u0jAA5snZ9Av4lfTCNurCTo\/b96gqEMXFCAN6kklskS6mSW1P2yxo93FRN9w3VFPyMe8m7WnAxPUMrijM3bZFrpYXz6N3LoSvj\/7t1mbaz3Ew6W7CCET2\/vUPuty0yYuKN9hlZRGZDAOI7p7UV84zBa3MKUoIB90BBwtqXlv\/AcyfRFhSrAf1TPDIen8IRojBr5qTqwwDIcvMREVIsmeXYDDAIh87njz+3l6UiC0r72z0Vz8KlwPmvyd1tNbK4UoVu5yliqV7BzHAT0P+flRjAVL+Vtw\/1eTO0KLmizThDqycqyAF1MjS6cC4BRlgBDuBvC7oqizuHTk4JOICP+TLa71t9U0MO4SvptmKRFy9UA159ziHHDRbAhIzzVEm+HGxTjT93PUzlkT4beWAgYYW5swcH8m2E+qX\/jfh4l+RAJ7s1FC99eqQD\/G2qHKz49sTvtw3eknSSHiADw1dFNDiGytHeAJqgKsYZ6xbxYgMT8vQQJWpcCaoPnc1R\/36QBSKDfO0Ei6I0Nk2Twp2jW7ybYg3WV9zcO8mcO+t2rUANioNNaghKiQ6\/\/kCvnfaOZl9\/nMaaP8oRI80YNnM3bBLePCUoIodPlfRsS+qRORwVaYVbmTkVd+7OOE68KIf+CtQJzWPG1I9szX6EUokwcVW4JeKB3DLXSgUJqbrCp8nB5Gt1Xl+DVmAWNn0zlmAkUkIYwVaRlUBt12nmZM5GfCFjeNYwyxKhMtco0zqNoFh6GPimEo\/HJoIaculB01PGh4MlKE33m6lcbQnV2mcjQy9+X6G7gJAvssvNVim+h2CyUIa0AFnvBEp0BZ0LQBw4xxW1+LO+851oEKlpBHf2CaPTJQbQ3lYLcFUbbZ7WxtncvtHzy\/SI9UgKeWcagnCcsYLbPsnPnloEl6cnUj6vnGVoFZ0zI4TVPk88\/biBoFXX37AYSAsISWoXJh5fdyK7Ub3uTshAtqeqBBTUeUFjb5Aj4cdCLyefeqdX7eVX7iolZTDjMHw6WHcQg9j8QT5ZehE6eQ3EWBv\/dyJkxi+P\/\/5RRqzAOol5xZb6h4LuhsvzWHQihAaP9MzFNZJKsrSoe\/spLPEQi09YKZ53xMfFjPTNozP7awNtIb6QltDJNIByFfslEQklWBp3nSDDraHwFBspLwhrXO\/4KJq80I0e6UvL2AGkUJ3WcnYVtrSbxxk4APJ7JesOtrVvfG0zUeYMWMSCdfwkF4KodqZGtJ3QATjzBea+nTD5uHk34dDyJnSJKk0ILq0jIFLho8LlWIyJH4QOXOz4qaWrv1Yq7zohspvZk7qqBfzWtq9nyRWQ1TZln6OTuRj1nSwDkH3Qwyv3P3ftVCIjgLduzJ1KxoPir\/gAp5xz8YWBMXoD3IJzkv\/PGQNpizq54tSdx\/+EwNQ0FXkMrTDVKVITAuSnBIkg9sH6JW+WpNYsbAPv3JnEFyzt8fIeM\/r0Qmf+N6zxgE9jaSg9C2Ue6YSiQO2VAdyYTxTvnFaxwR"}
 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434530068,"flow_idle_time":200000000,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434530068,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTube4VQwNTEACP+UFbWwBYYNRTU7ePJ1K+FSjOzh8I+88Xo3glhGN\/ISVgfZLjon36o\/Ic8wElvtdYWOln5kitImSZYvUwk1fG0vvw0gN4Ua6Bk3jF4z2+DlEmg31OHq+boraULEIZuAwjhjODmyz5ftYwgYtTSwoERmJiUKmhlyGLqx3S+tX8EjcRIqYjSOyHMu2jndr\/C7BAPP7JVT9ieYljjMWtEQ72Flay2RpFT4RImtEH0\/RK6iWf3t7LgbxjhC97n0j1DDD4P\/sZZ0bVIicKPYmXAEngVSoh3oIH6poziu1qlEA556yxALTbdx8jtmJX0Z9ooraLIBrb+pueGEs6xQAtF7up+LVAjymIfJeMB5q1EfGiD2ya\/Jh+zUG10j5iOvBK28sWnXxVEamKBupu9qXaXG0OjhurIE3b2Aod2vtsJ1NalOos0dYc\/g5+XXDK8tcQHad8aZpGNSUiRyAtmWcaYe8vO\/\/qYA5pPey63z\/sGlL7Ey0S9M9ZT2ZRHnqlxrqhQIy7XXexnza+a3DNLwUI04v3Ks1B1peq0gsFraKmD\/6yO0vbt0fXLwVt2hr3SDHm0oGrN74iZrIwUWQiIQl22WxQHTTjtYOTcvqWfO7uam1Ph5DVbFaDddigRvWdhF73OvmxThMwCc9l6X3P\/tUIdb8CggvQWiMRN5Vhy4Rljya+ZIOcdjbzMw68oRgdgPhct14QVofXpMjJfC3oqi\/nNbGLQ5rYKneQ7CWh9RSv34L3R5RDGC\/pHwyv6PGgI8KRf9+QUC+7gYPb+kZQquYvru8Z0knElk\/9u3Xyd8knK1jpgFTg1HNdqhCD3oyFIuAFRWqcgNxU6wz1LaRi24VFE+eJ0o+rsi\/pnfI0su+wrGhXYRbyyiy4ZzbqahkZoPZ2zQGAKW1nnvD6p\/zaLVXZsU4jxLWam2WqckX1QTbgPxB0wawYNhyf2CAAhEQ29\/cwWUpxFyoXDPB+hK4kW7liS10zysc5bs+sslvGCpqRb0Lis637gfgiMEACVosS5TN56wDxHV6753I9W1zSBCNXxUKOAdDNb1MGhBZT\/uUW49hJ6JXcGEhfw+P+5AzMdiqKpUSFKgaiqJSf3iiv2\/RtnFbJ1FaRBOTOgw3ARkcPvJN0sfzLk7RKlSqTCXk8peiPFwt5uzAbWqrhfe\/Yen8D2DWvWSruKHIC7o+GazJ+\/eyppnocCPGQQZ2lonOQT2qyNSZ9COW8HeAaqf7QCJhvb8S9SVVml5KBhnwRNbnuZICaxg9vyFjeBwKI7SstbJ3b7slReERnG3DvEqM+ouROXRlpGgUREXlGwb7N2UJ1jjo460vUe38pW2vZ1XnXYGDBL3642Nhsv8\/xSPSuRmLvvooBVMWLWW5v+LMlMcoNIIM6xibupcxuyIqKDqNmsScanfhq83xCw4xKptGbS9bu\/A0yrmv3Atgn3WXnx2khAoVngZCR0MbqmA7T5k\/rUKhB49pS3ip3KT03PKvjuwDr50ynUXfZOYJ3+OmI37LBmqEhKgv5YHHEjRB8VHHXAh8Aok+ht+KljGfYLx0rx0y2IXVcxRnvPFVtHn6kBareUX1Lz56co6YIb9788QnPlkfq1D0P\/\/4uwz67uvdUChfS0JSNQ18zYOyJ360r3AVfKXmyQ19aUMj\/EcNueVwU0nbl2KSsYn1Gfl7zj0ewbm+BiPQNHMgAkoRMw02Osi\/TmhB+pfcq61IRV5796uYYuP\/e1+49LMsN6JtJapar+\/bfHd+ip7c\/\/L52jGcE3Fey3bVNYI8YmxgiEd0S1usipgR\/OJ"}
 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434530087,"flow_idle_time":200000000,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434530087,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvWw7lQwNTEACP+UFbWwBYYNRTWFFap3NZueejSHTEbypHeKREWRxqFhCyZ5IFZ0eMPI1H48IlicfZNkXoAWlnYiFV7bh\/SgyFOQ1pzqpY4Gn+dZg1igPWwPXjEkbDJ6Uie4ErETtBEXPCHdh0EPbcG66CEGsqP3FcGhBvmBZ6nLZXtHGFm8TZPZLCjcEWUg3j+yh1uJpfKvfgdjQXh\/BKjL946XeM8A3dQwTCj7w0RU4XQ+LgKO5R5jUOWwNACvmRA4ChETSCDHR4\/BAzDovDeZBIcfCGhDNPuYCn0YgSbiKK\/zKtEbn2g8SAWOGtzORXbtbz7cr3FZq9+52D1ciyRqZMVAhZJn6boHkLy8FiSsJcgUNmFlpFnM5CbmVt+Z3TalUOLmIad0ZBJ\/frS25nxzdMvyMkHuNowggmF5lhEeoHaWyFEIcqz0HqYgX9hRGG6fJHHJDeuqY2DZzkMFK5lXdq830OGjj5x2saXsr3OlkQRqhBSGhxG8UUKpcbzUIRCc14PBKwtK58SIzfKg9C2dH1Ndip\/iMgaZp1dLSjMgGMxpFjTnm18D2DnhMbRC3SF0n9NQv1yxds\/5\/VLS7vlRw085hWdBDcF5JsrSqCb7FrIGqCAJ6aEeEk2C5NCIEHLGpE\/8Mrk0r3V+oyUCi5EUJoj7yFrgbAI\/RLP2DX5PzYPxVTVcCPNWxwAsonFHo2UzqB9GByR9XsVOyiNMiXSmCP1h7RNHRBTW+W+GEKnZsHlit\/daPgCMDsn+uRJkfq08o0Wc8dtlQdBvGaiOyAz5kxn9XlLa2XMJVdY5fa0fvmKEA8kLRIsUWffWkNMWjlbFbe4\/4K6v5\/2vl6j4PIKwrTE3NX480XOutB0tHFeaBywMhTUrJM8\/2LEUuohxcw8ZJUMhyz8KLelYrkfR4ZEmPHlrlks1U+ptnZRctCqp6xS15oIDC2K9IvH6W4XVPXW5E6wTMgi2mDpZEkWMsRcntggQXrcuBYU6Zv2UWEKNUfFTBgz1KVhJpmpS4Xtc7F4NEQ2NoEIYQl+RaDfoFKprDp3shiANgPwfFEVHOLO72rKzBM1JtbcQAk2OwIiNamkunnJ\/nJitxlIW52Xeo0s2OwSYNPFF5zyhBUq5ylZcmxfa6MxT8JqgkvJT6UrrMDYFURtuX0ryQCk\/XPnIFL82IABneSi4Hs5V82gBRFJuY536RKXy0Y+Fmmlg3ORBkeur7nF4WNLwf4uKdeZDa4zi4F5ERbAlPepeCgnqktYXzIIcX+zttEmBzBP8oQgxfobusz6BiWXRPhFCorFz9af2XffpBUFzon7jFEaUHMZEWx2T\/G0b6rOVrMUsciysio8OUm3qepoHWfs017iLVwdUjBzLV8bfsI876uYCB7FOOWmpFjtlfEcfFvovuxYQo3c2P2+FTRFibJG3fxpLnuZL+xZ9WuB0sUCqoGe0Nj8mWgJjvIMlZr4UBHPVa9FuCSvw43Jx3Z4zkFEFLwlnXF7XomFdjjzfNyGEva90KOeWy3V0Xm36xhL9ZfJd7024bmBrSU07\/OIwQL4RM2pylqUn8vtXHdDenj0RW6L9cUJF5+gefDnLwPN\/LkqvDQ9XoQLkYPyIOrW3yOipSRZ6qssVteVhp7yz6wIlf+om4vamOC+pjDHdk54a1\/tUFkk6iLfsqzmXEDMc9twzy8aI6ruHx9Y75G06eKdfUoetoe+oo6I+bKN+bF3ODBFJJL3VoG2yoSGLlcmnzauulsMAmGP4trS\/oNUS7VcK8uv8Q4iCrkL2Z7LQ3A3kywkt3RVfSW0P5p96Zzps"}
-02203{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620467988515,"flow_dst_last_pkt_time":1598620467941031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4666,"flow_dst_tot_l4_payload_len":8428,"midstream":0,"thread_ts_usec":1598620467988515,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":2164602.8,"max":19582580,"stddev":5209676.0,"var":27140724621312.0,"ent":2.5,"data": [5872,69285,110768,19,33,113561,2317,5835,79981,27,46402,10090862,10162287,246207,1361,7,331600,26165,19472426,19582580,120230,670,167,185037,26475,2999498,3090044,125889,1350,111,205624]},"pktlen": {"min":53,"avg":437.2,"max":1378,"stddev":500.3,"var":250315.8,"ent":4.1,"data": [1378,1378,1378,1378,1378,1240,69,69,101,54,644,61,989,53,668,54,299,61,61,497,53,720,54,137,61,61,211,53,456,54,259,61]},"bins": {"c_to_s": [0,8,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [7,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0]},"directions": [0,1,0,1,1,1,0,0,0,1,1,0,0,1,1,1,1,0,0,0,1,1,1,1,0,0,0,1,1,1,1,0],"entropies": [7.869323730,7.856849670,7.844151974,7.845833778,7.865318298,7.844552517,5.639471054,5.726426601,6.218957901,5.208410263,7.701806545,5.635654926,7.814414501,5.246605873,7.688014030,5.353935242,7.329473972,5.701228619,5.602868080,7.546798706,5.284341812,7.731115818,5.282484531,6.512764931,5.557705879,5.570081234,6.968918324,5.284341812,7.518057823,5.231468201,7.265197754,5.557705879]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":205,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":132,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620488484485,"flow_dst_last_pkt_time":1598620488458891,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":8772,"flow_dst_tot_l4_payload_len":133705,"midstream":0,"thread_ts_usec":1598620488484485,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":171,"flow_dst_packets_processed":471,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620524479693,"flow_dst_last_pkt_time":1598620524442441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":21835,"flow_dst_tot_l4_payload_len":524919,"midstream":0,"thread_ts_usec":1598620524479693,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","packets-captured":642,"packets-processed":642,"total-skipped-flows":0,"total-l4-payload-len":546754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1598620524479693}
+00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434650828,"flow_dst_last_pkt_time":1598620434610128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2888,"flow_dst_tot_l4_payload_len":5904,"midstream":0,"thread_ts_usec":1598620434650828,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"quic_t51.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":8792,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1598620434650828}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 642/642
+~~ packets captured/processed: 12/12
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 546754 bytes
+~~ total layer4 data length..: 8792 bytes
 ~~ total detected protocols..: 1
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6440747 bytes
-~~ total memory freed........: 6440747 bytes
-~~ total allocations/frees...: 123100/123100
+~~ total memory allocated....: 6427382 bytes
+~~ total memory freed........: 6427382 bytes
+~~ total allocations/frees...: 122480/122480
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2316 chars
-~~ json string avg len.......: 1403 chars
+~~ json string avg len.......: 1400 chars
diff --git a/test/results/quickplay.pcap.out b/test/results/quickplay.pcap.out
index 380bdba62..fbdb21a07 100644
--- a/test/results/quickplay.pcap.out
+++ b/test/results/quickplay.pcap.out
@@ -141,9 +141,9 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6458557 bytes
-~~ total memory freed........: 6458557 bytes
-~~ total allocations/frees...: 122915/122915
+~~ total memory allocated....: 6463622 bytes
+~~ total memory freed........: 6463622 bytes
+~~ total allocations/frees...: 122925/122925
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2405 chars
diff --git a/test/results/radius_false_positive.pcapng.out b/test/results/radius_false_positive.pcapng.out
index 39490e020..d6d06cda1 100644
--- a/test/results/radius_false_positive.pcapng.out
+++ b/test/results/radius_false_positive.pcapng.out
@@ -6,9 +6,9 @@
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1638897892751700,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1638897892751700,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAB8RNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQAfGG4AA72ZrkYpyvqLS4TIp3bivr3zq\/PFuA=="}
 00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1638897892752869,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_caplen":283,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":283,"pkt_l4_len":229,"thread_ts_usec":1638897892752869,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAOURNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQDlccwABGVF2QcnpzsvNwXHhnVYuvotOEZAFZyRstLhm5Vh8Y\/qjK+eAOivL9FfakfqselPfzU8unBIuLM1Gkl3hUCkDyi+vg32wZhmWtIpghdDZrkT8mPeJhzpBInbvmZgkVuAprrK41CoxKKjDlIkF+W84hfikpn3qkgLCEYuKToKkyTwbJLdd0NDQonRVcTPtbDVskjblaU5087vFl1B3+DiXjvx4mrrxoJ1o2m4QK+5Itx4XXf\/cDDYpVAKVU4JUhg7EBvC5CSSa69pj7lgUC+G\/vuoC9GDJzbBnxQBog=="}
 00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1638897892775793,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_caplen":283,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":283,"pkt_l4_len":229,"thread_ts_usec":1638897892775793,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAOURNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQDluwgABfL8+5jX9fJKzrGkYq50E3Kkrx2byhv\/1lxrsSEANv3rwV8oSZP1Kf9LnwvyulYNqHc0eA8kixsVINh0AEVVU7DdtZDWH0NB+uRHdIIMWflJVbH+jmh9USiXpEGMxWJMIsMKuWOo1oHx\/4WcMYLRLNqhlbRCt1SlzydohkUP0dPUhy0JEmQ2dcM9ySIjkPYCfM2x3oISOX1bfEnNb7p3pKZ5PyZPkuqec+dbYP0kRWjDfMgN9cmqV8B57rWtYeFeQ7inL7drCI8NtuFQhaY3EFIVsYr2d9Va2PyzOQ=="}
-00901{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":10,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897893066501,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6859,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897893066501,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00978{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":10,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897893066501,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6859,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897893066501,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}}
 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897893066501,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6859,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897893066501,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"radius_false_positive.pcapng","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":6859,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1638897893066501}
+00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"radius_false_positive.pcapng","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":6859,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1638897893066501}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412036 bytes
-~~ total memory freed........: 6412036 bytes
-~~ total allocations/frees...: 122446/122446
+~~ total memory allocated....: 6416941 bytes
+~~ total memory freed........: 6416941 bytes
+~~ total allocations/frees...: 122456/122456
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 508 chars
 ~~ json string max len.......: 2193 chars
diff --git a/test/results/raknet.pcap.out b/test/results/raknet.pcap.out
index 90968e6f3..141f19311 100644
--- a/test/results/raknet.pcap.out
+++ b/test/results/raknet.pcap.out
@@ -101,9 +101,9 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6433460 bytes
-~~ total memory freed........: 6433460 bytes
-~~ total allocations/frees...: 122623/122623
+~~ total memory allocated....: 6438453 bytes
+~~ total memory freed........: 6438453 bytes
+~~ total allocations/frees...: 122633/122633
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2435 chars
diff --git a/test/results/rdp.pcap.out b/test/results/rdp.pcap.out
index 04983229e..74d00b5a1 100644
--- a/test/results/rdp.pcap.out
+++ b/test/results/rdp.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6470046 bytes
-~~ total memory freed........: 6470046 bytes
-~~ total allocations/frees...: 124447/124447
+~~ total memory allocated....: 6474951 bytes
+~~ total memory freed........: 6474951 bytes
+~~ total allocations/frees...: 124457/124457
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 474 chars
 ~~ json string max len.......: 2285 chars
diff --git a/test/results/reasm_crash_anon.pcapng.out b/test/results/reasm_crash_anon.pcapng.out
index 83493eab8..520f2bb97 100644
--- a/test/results/reasm_crash_anon.pcapng.out
+++ b/test/results/reasm_crash_anon.pcapng.out
@@ -20,9 +20,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6419855 bytes
-~~ total memory freed........: 6419855 bytes
-~~ total allocations/frees...: 122646/122646
+~~ total memory allocated....: 6424760 bytes
+~~ total memory freed........: 6424760 bytes
+~~ total allocations/frees...: 122656/122656
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 503 chars
 ~~ json string max len.......: 1997 chars
diff --git a/test/results/reasm_segv_anon.pcapng.out b/test/results/reasm_segv_anon.pcapng.out
index 9c325a5ed..33aa51115 100644
--- a/test/results/reasm_segv_anon.pcapng.out
+++ b/test/results/reasm_segv_anon.pcapng.out
@@ -50,9 +50,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414124 bytes
-~~ total memory freed........: 6414124 bytes
-~~ total allocations/frees...: 122518/122518
+~~ total memory allocated....: 6419029 bytes
+~~ total memory freed........: 6419029 bytes
+~~ total allocations/frees...: 122528/122528
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 348 chars
 ~~ json string max len.......: 2467 chars
diff --git a/test/results/reddit.pcap.out b/test/results/reddit.pcap.out
index 5bdf8ad67..8c2b084cf 100644
--- a/test/results/reddit.pcap.out
+++ b/test/results/reddit.pcap.out
@@ -133,485 +133,481 @@
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686109012,"flow_dst_last_pkt_time":1605291686071076,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686109012,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHT1EUASYRgBEB+7tKAAABAQgKqXTmMMLXOKk="}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686109028,"flow_dst_last_pkt_time":1605291686071075,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686109028,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4ZTGemEx1gBEB+2n7AAABAQgKqXTmMMLXOKk="}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686109044,"flow_dst_last_pkt_time":1605291686072675,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686109044,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSV7Gn4kvzgBEB+6PWAAABAQgKqXTmMMLXOKo="}
-01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686108927,"flow_dst_last_pkt_time":1605291686110087,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686110087,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01568{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686108927,"flow_dst_last_pkt_time":1605291686110088,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686110088,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}}
-01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686109012,"flow_dst_last_pkt_time":1605291686127575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686127575,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":501,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686109028,"flow_dst_last_pkt_time":1605291686128443,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686128443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01568{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686127595,"flow_dst_last_pkt_time":1605291686128443,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686128443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}}
-01568{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":508,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686128460,"flow_dst_last_pkt_time":1605291686128567,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686128567,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}}
-01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686108978,"flow_dst_last_pkt_time":1605291686128567,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686128567,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01568{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686128585,"flow_dst_last_pkt_time":1605291686129580,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686129580,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686084954,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686129581,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzEPbiYGyoBJXgE4hAAACBAV4AQMDAwQCCArC1zjcqXTmGA=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686084924,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686129581,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0mUbYB0oBJXgO0tAAACBAV4AQMDAwQCCArC1zjbqXTmGA=="}
-01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686109044,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686129581,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686129607,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686129607,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBAB+9IFAAABAQgKqXTmRcLXONw="}
-00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686129611,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686129611,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBAB+3ESAAABAQgKqXTmRcLXONs="}
-01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686129954,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBgB+3f+AAABAQgKqXTmRcLXONwWAwECAAEAAfwDA9erSYCt3PYYZEktL7MJcpGlYIX2xYNgs1\/AtKvB7xt0IOR+LE0dhUbDAJPbNSHJ7ZIObTOEyDbEgQFzR3Tqo8K3ACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGgAYAAAVZW1vamkucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACA5IMr2gd92bNdZoVSKNUS0n14cDWaYPOFRO\/ISsXyZWAAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAI6OgABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686129954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686130302,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBgB+\/3uAAABAQgKqXTmRsLXONsWAwECAAEAAfwDA4GdOggSfHPw+AY29Rg\/SPpX1EvYgag3sKMDz0p3DP7TIO0fmepycQbGXW2mLDxW3tcA\/yME9vaj7LwCLtdTp4PsACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAGgAYAAAVZW1vamkucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAIGhoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkaGgABAAAdACDCTo9dia+yCi8f0GaLNc2V6H3a5\/JGRsJBcmD\/97c\/aQAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAK6ugABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686130302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686137679,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686137679,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdABmbR4Z8rX95gBALME5BAAABAQgKwtc44ql05ic="}
-01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":535,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686137695,"flow_dst_last_pkt_time":1605291686137882,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686137882,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686099570,"flow_dst_last_pkt_time":1605291686137883,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686137883,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJL0E0Gjp0kgBALMNU7AAABAQgKwtc44ql05ic="}
-01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":541,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686099570,"flow_dst_last_pkt_time":1605291686137884,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686137884,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686137929,"flow_dst_last_pkt_time":1605291686138254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686138254,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
-01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":571,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686138281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686138281,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686138281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686138281,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686099811,"flow_dst_last_pkt_time":1605291686138302,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686138302,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/oyw49TvcdbcgBALMHS1AAABAQgKwtc45Kl05ic="}
-01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686099811,"flow_dst_last_pkt_time":1605291686141552,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686100889,"flow_dst_last_pkt_time":1605291686141552,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686141552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsk6YAYOGSgBALMNB1AAABAQgKwtc466l05ig="}
-01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":686,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686100889,"flow_dst_last_pkt_time":1605291686141731,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141731,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686141570,"flow_dst_last_pkt_time":1605291686141731,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686141731,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686100785,"flow_dst_last_pkt_time":1605291686141909,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686141909,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO8IiJd61ngBALMJwEAAABAQgKwtc46al05ig="}
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":696,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686100785,"flow_dst_last_pkt_time":1605291686141910,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141910,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01550{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686141956,"flow_dst_last_pkt_time":1605291686142640,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686142640,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686100989,"flow_dst_last_pkt_time":1605291686144251,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686144251,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwRcYBxWgngBALMJfQAAABAQgKwtc476l05ig="}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":713,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686143310,"flow_dst_last_pkt_time":1605291686144252,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686144252,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686101082,"flow_dst_last_pkt_time":1605291686144252,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686144252,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgy8cZci+BgBALMBnUAAABAQgKwtc48Kl05ik="}
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":717,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686100989,"flow_dst_last_pkt_time":1605291686144351,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686144351,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01550{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":722,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686144359,"flow_dst_last_pkt_time":1605291686145060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686145060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686103163,"flow_dst_last_pkt_time":1605291686145061,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686145061,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vo\/ls46ULgBALMObsAAABAQgKwtc48al05is="}
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":736,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686146132,"flow_dst_last_pkt_time":1605291686146916,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686146916,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01550{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":738,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686146132,"flow_dst_last_pkt_time":1605291686146919,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686146919,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}}
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":751,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686146162,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686148836,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01550{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":754,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686146162,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686148836,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}}
-02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":779,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1605291686035769,"flow_src_last_pkt_time":1605291686160496,"flow_dst_last_pkt_time":1605291686157690,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":3806,"flow_dst_tot_l4_payload_len":3988,"midstream":0,"thread_ts_usec":1605291686160496,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7956.4,"max":41517,"stddev":14223.9,"var":202320352.0,"ent":3.1,"data": [29904,29917,129,38003,2302,1,40177,45,72,0,17,3,2699,111,630,30,181,4,41517,1269,39145,1579,42,7307,1546,7292,2107,217,138,38,226]},"pktlen": {"min":72,"avg":316.1,"max":1460,"stddev":366.7,"var":134435.4,"ent":4.3,"data": [80,80,72,589,72,1120,1120,72,72,1120,592,72,72,165,171,361,391,1460,269,72,330,72,195,227,72,138,72,217,110,182,183,294]},"bins": {"c_to_s": [8,1,1,4,2,0,2,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,0,0],"entropies": [4.882011414,5.304953098,5.179864883,4.549963951,5.111409664,6.918439388,7.329545975,5.245904922,5.188381195,7.346970558,7.538538456,5.218127251,5.245904922,5.939581871,6.414350033,7.179112434,7.152504921,7.613826752,6.820423126,5.139187336,7.056142330,5.190349579,6.550985336,6.538044453,5.083631992,6.217070103,5.162571907,6.655886650,5.512269497,6.450225830,6.518562317,6.906108856]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686180561,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686180561,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzETbiYO3gBALMMaaAAABAQgKwtc5Dal05kU="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686180589,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686180589,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0qUbYJ5gBALMGWmAAABAQgKwtc5DKl05kY="}
-01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":807,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686182404,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686182404,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01580{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686182405,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686182405,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
-01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686182406,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686182406,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01580{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":818,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686182436,"flow_dst_last_pkt_time":1605291686183890,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686183890,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
-01966{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":865,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686199280,"flow_dst_last_pkt_time":1605291686201936,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1550,"flow_dst_tot_l4_payload_len":9238,"midstream":0,"thread_ts_usec":1605291686201936,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9029.4,"max":48292,"stddev":15572.2,"var":242494768.0,"ent":3.2,"data": [38700,38720,198,38531,1,38345,41,14,329,0,334,4,2216,2804,187,210,6465,48292,2910,39329,6844,2704,1,9551,251,801,2129,0,0,1,0]},"pktlen": {"min":72,"avg":409.6,"max":1120,"stddev":435.5,"var":189657.0,"ent":4.2,"data": [80,80,72,589,72,1120,72,1120,72,1120,602,72,72,165,171,436,468,115,72,330,72,72,72,138,72,110,72,1120,1120,1120,1120,1120]},"bins": {"c_to_s": [8,2,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1,1,1,1,1],"entropies": [4.734510422,5.203058243,5.273682594,4.560284615,5.139187336,6.919415474,5.273682594,7.320698738,5.273682594,7.355862617,7.598192215,5.301460266,5.301460266,6.043826580,6.386544228,7.400215149,7.219000340,5.771939278,5.139187336,7.067717552,5.190349579,5.055854321,5.055854321,6.171116352,5.245904922,5.665874481,5.111409664,7.825948715,7.822474480,7.825513840,7.821124554,7.834854126]}}
-01584{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":865,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686199280,"flow_dst_last_pkt_time":1605291686201936,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1550,"flow_dst_tot_l4_payload_len":9238,"midstream":0,"thread_ts_usec":1605291686201936,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
-01947{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":910,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686204966,"flow_dst_last_pkt_time":1605291686203988,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1563,"flow_dst_tot_l4_payload_len":5635,"midstream":0,"thread_ts_usec":1605291686204966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9028.7,"max":60278,"stddev":18333.8,"var":336128832.0,"ent":2.7,"data": [36077,36109,144,41300,1,41154,44,17,686,0,689,5,2344,1105,220,36,172,60278,1038,0,57438,31,0,0,0,1,0,25,34,2,940]},"pktlen": {"min":72,"avg":297.4,"max":1120,"stddev":353.7,"var":125114.1,"ent":4.2,"data": [80,80,72,589,72,1120,72,1120,72,1120,576,72,72,165,171,446,359,227,72,330,72,72,138,72,72,72,1120,687,72,72,72,110]},"bins": {"c_to_s": [10,1,1,1,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,1,1,0,0,0,0],"entropies": [4.791447639,5.270516872,5.273682594,4.464357376,5.111409664,6.904564381,5.273682594,7.359911442,5.273682594,7.337382793,7.522022247,5.273682594,5.273682594,6.074471474,6.455021381,7.426345348,7.089967251,6.816715717,5.083631992,7.110243320,5.083631992,5.218127251,6.187361240,5.008678436,5.036456108,5.064233780,7.784244537,7.688348293,5.230819225,5.245904922,5.235420227,5.565464973]}}
-01553{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":910,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686204966,"flow_dst_last_pkt_time":1605291686203988,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1563,"flow_dst_tot_l4_payload_len":5635,"midstream":0,"thread_ts_usec":1605291686204966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}}
-01953{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1052,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686233012,"flow_dst_last_pkt_time":1605291686233017,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1107,"flow_dst_tot_l4_payload_len":8188,"midstream":0,"thread_ts_usec":1605291686233017,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9552.3,"max":52464,"stddev":18854.0,"var":355471904.0,"ent":2.8,"data": [44627,44653,347,50980,1843,1,0,0,52464,10,3,2,2413,668,102,121,49031,1,45760,75,169,1186,0,1,1,1443,16,7,133,49,15]},"pktlen": {"min":72,"avg":363.0,"max":1120,"stddev":422.8,"var":178733.3,"ent":4.1,"data": [80,80,72,589,72,1120,1120,1120,602,72,72,72,72,165,171,389,153,72,330,72,72,72,138,72,1120,1118,72,72,72,1120,72,1120]},"bins": {"c_to_s": [11,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,1,0,1],"entropies": [4.907011986,5.354953289,5.301460266,4.552157402,5.139187336,6.938700199,7.322981834,7.354511738,7.534717083,5.245904922,5.218127251,5.245904922,5.273682594,6.089848042,6.412801743,7.335155964,6.124976635,5.139187336,7.085140228,5.273682594,5.111409664,5.028076649,6.191080093,5.111409664,7.845114708,7.817538738,5.273682594,5.245904922,5.263197899,7.819205284,5.245904922,7.795106411]}}
-01584{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1052,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686233012,"flow_dst_last_pkt_time":1605291686233017,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1107,"flow_dst_tot_l4_payload_len":8188,"midstream":0,"thread_ts_usec":1605291686233017,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686301196,"flow_dst_last_pkt_time":1605291686301196,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686301196,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686301196,"flow_dst_last_pkt_time":1605291686301196,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686301196,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML0AAAAAoAL9IDDZAAACBAWgBAIICql05vEAAAAAAQMDBw=="}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686301196,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686327034,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWUkNzC+oBJXgILuAAACBAV4AQMDAwQCCArC1zmoqXTm8Q=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686327076,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686327076,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBAB+wbmAAABAQgKqXTnC8LXOag="}
-01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686327471,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBgB+6IBAAABAQgKqXTnC8LXOagWAwECAAEAAfwDA3fQE2bFMSg9V0ArEx1DsWJIv73oxXvB9GJfjd2ybJfQIFrXxaRDJ9lBszDg6UwzwOQonUBDW8zTTtfnwcTvyt2MACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAHQAbAAAYYi50aHVtYnMucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACBQ4ydRyS\/5f7HpSvaHkgvC0msLXL39ObHQFVtCoyAcOQAtAAIBAQArAAsKenoDBAMDAwIDAQAbAAMCAAKamgABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686327471,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686393401,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686393401,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWYkNzLDgBALMPtvAAABAQgKwtc55Kl05ws="}
-01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1398,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686419456,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686419456,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01605{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686419467,"flow_dst_last_pkt_time":1605291686420291,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686420291,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}}}
-01948{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1653,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686469619,"flow_dst_last_pkt_time":1605291686468646,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":8227,"midstream":0,"thread_ts_usec":1605291686469619,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":10834.6,"max":91996,"stddev":22155.6,"var":490868928.0,"ent":2.8,"data": [25838,25880,395,66367,26055,91996,835,0,0,829,7,4,1579,121,254,42141,1,1,6209,0,2,0,0,1,46395,10,6,2,1,4,940]},"pktlen": {"min":72,"avg":363.3,"max":1120,"stddev":424.0,"var":179781.3,"ent":4.1,"data": [80,80,72,589,72,1120,72,1120,1120,623,72,72,72,165,171,403,72,72,72,346,138,1120,1120,1120,1120,72,72,72,72,72,72,110]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0],"entropies": [4.907011986,5.304953098,5.301460266,4.568593025,5.139187336,6.968538761,5.258596897,7.334045410,7.344312668,7.577483654,5.301460266,5.329237938,5.301460266,6.086132526,6.472829342,7.337939262,5.128702641,5.166965008,5.166965008,7.241396427,6.241778851,7.834823132,7.795830250,7.800470352,7.816886902,5.273682594,5.301460266,5.273682594,5.329237938,5.301460266,5.329237938,5.684057236]}}
-01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1653,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686469619,"flow_dst_last_pkt_time":1605291686468646,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":8227,"midstream":0,"thread_ts_usec":1605291686469619,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}}}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291686985114,"flow_dst_last_pkt_time":1605291686985114,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686985114,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686985114,"flow_dst_last_pkt_time":1605291686985114,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686985114,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD88AAAAAoAL9IJsfAAACBAWgBAIIClRf4AwAAAAAAQMDBw=="}
-00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291686985710,"flow_dst_last_pkt_time":1605291686985710,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686985710,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686985710,"flow_dst_last_pkt_time":1605291686985710,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686985710,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hEAAAAAoAL9ICE+AAACBAWgBAIICkv6YkkAAAAAAQMDBw=="}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291686996891,"flow_dst_last_pkt_time":1605291686996891,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686996891,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686996891,"flow_dst_last_pkt_time":1605291686996891,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686996891,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjEAAAAAoAL9ILJdAAACBAWgBAIICnOjJUYAAAAAAQMDBw=="}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1928,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686985114,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687016591,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q63bg\/QoBJXgIMUAAACBAV4AQMDAwQCCArC1zxZVF\/gDA=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1929,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687016621,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687016621,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBAB+wcHAAABAQgKVF\/gK8LXPFk="}
-01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687016854,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBgB+0cnAAABAQgKVF\/gK8LXPFkWAwECAAEAAfwDA2TZVj7uQEkCD0qaduyi4bmVPP7zAKvO9+7Wlc8AMGeTIIS\/CXAHw3XUf20VSt6oh4Hf\/WTHeXksbYFJmbfF89a\/ACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAHgAcAAAZd3d3Lmdvb2dsZXRhZ3NlcnZpY2VzLmNvbQAXAAD\/AQABAAAKAAoACDo6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApOjoAAQAAHQAgYKiZy5yb0i6Knp9i3yjCivd+Ief6i7v0\/AghN6n2uzkALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgAC2toAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1930,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687016854,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1931,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686996891,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687024247,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VJtBZoyoBJXgFGuAAACBAV4AQMDAwQCCArC1zxhc6MlRg=="}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1932,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686985710,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687024248,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4R5AeISoBJXgAGtAAACBAV4AQMDAwQCCArC1zxhS\/piSQ=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1933,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687024307,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687024307,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBAB+9WjAAABAQgKc6MlYsLXPGE="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1934,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687024329,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687024329,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBAB+4WXAAABAQgKS\/picMLXPGE="}
-01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1935,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687024606,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBgB+\/A6AAABAQgKc6MlYsLXPGEWAwECAAEAAfwDA+eYPrfbBZwgBAyXsXNv1wHXo8qtfbtTLhb8K0WcNKMYICPAGuufUOrjlYhZGNPMkbG+4utdfOiWk6+0nf\/wCDAKACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAEQAPAAAMYy5hYXhhZHMuY29tABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACDX5C\/1o+HW81YAOCcijSyF5B3qZmeI0oMefLtlAIvWHQAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAIaGgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1935,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687024606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"c.aaxads.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1936,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687024727,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBgB+4vHAAABAQgKS\/picMLXPGEWAwECAAEAAfwDA5a9I0DX\/RoLLAwCTlolT1w7O+Tvbm6bAwmHB\/Gzvv4KIKCfkVZBs7YxSZgdkLoG0zKZeHzoKc6I+SIaE11zlfvtACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAGgAYAAAVYy5hbWF6b24tYWRzeXN0ZW0uY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACC3JhULSj7xGhtoU9gOb9OIs2MhB9H2Fq8bhGiDmIiZGgAtAAIBAQArAAsKmpoDBAMDAwIDAQAbAAMCAAIqKgABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1936,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687024727,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687053426,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687053426,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q+3bhHVgBALMPumAAABAQgKwtc8f1Rf4Cs="}
-01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1938,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687060476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687060476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1944,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687061560,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687061560,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VNtBZw3gBALMMpCAAABAQgKwtc8iHOjJWI="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687061560,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687061560,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4V5AeQXgBALMHo2AAABAQgKwtc8iEv6YnA="}
-01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1949,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687075726,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687075726,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687096859,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687096859,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"c.aaxads.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02172{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1994,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687110047,"flow_dst_last_pkt_time":1605291687110135,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":10234,"midstream":0,"thread_ts_usec":1605291687110135,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8063.0,"max":43636,"stddev":14163.2,"var":200595904.0,"ent":3.1,"data": [31477,31507,233,36835,7050,0,43636,16,599,576,2431,165,135,37718,689,1069,36764,111,89,22,531,8580,9121,90,75,174,0,158,5,98,0]},"pktlen": {"min":72,"avg":422.5,"max":1280,"stddev":490.0,"var":240053.7,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,533,72,136,164,333,72,72,652,72,103,72,103,72,778,72,1280,72,1280,1280,72,72,1280,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.794175148,5.301737785,5.137723446,4.609352589,5.163392067,7.822265148,7.828993320,5.193279266,5.193279266,7.574356556,5.165501595,6.187675953,6.451539040,7.193062782,5.135614395,5.135614395,7.646523952,5.182794571,5.842692375,5.165501595,5.903290272,5.163392067,7.712309837,5.193279266,7.843823910,5.165501595,7.846527100,7.838549614,5.193279266,5.165501118,7.822370052,7.826137066]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01949{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2016,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687112023,"flow_dst_last_pkt_time":1605291687112006,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":11490,"midstream":0,"thread_ts_usec":1605291687112023,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8148.7,"max":51019,"stddev":15066.4,"var":226995168.0,"ent":3.0,"data": [38538,38619,398,37312,14166,1,0,0,1,51019,20,3,2,2,2408,107,140,31274,2,1645,1,30239,111,3355,1,0,0,3233,8,2,2]},"pktlen": {"min":72,"avg":461.6,"max":1460,"stddev":586.5,"var":343946.1,"ent":4.0,"data": [80,80,72,589,72,1460,1460,1460,1460,387,72,72,72,72,72,136,164,330,72,72,72,143,72,103,1460,1460,1460,1460,72,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,1,1,0,0,0,0],"entropies": [4.836891651,5.211080551,5.205674171,4.514605999,5.057240963,7.814661026,7.847680092,7.865528107,7.842185020,7.380033970,5.243936539,5.243936539,5.155763149,5.188381195,5.132825851,6.139283180,6.518441677,7.254546165,5.029463291,5.029463291,5.057240963,6.252353668,5.243936539,5.873327255,7.877524853,7.827719688,7.871821880,7.839930534,5.243936539,5.243936539,5.271714211,5.271714211]}}
-01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2016,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687112023,"flow_dst_last_pkt_time":1605291687112006,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":11490,"midstream":0,"thread_ts_usec":1605291687112023,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2070,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687186026,"flow_dst_last_pkt_time":1605291687186023,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":998,"flow_dst_tot_l4_payload_len":10536,"midstream":0,"thread_ts_usec":1605291687186026,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":12202.2,"max":72269,"stddev":18508.9,"var":342577632.0,"ent":3.4,"data": [27356,27416,299,37313,35299,1,0,72269,38,3,2523,128,130,31242,0,2117,15088,1,0,45626,28,24,154,29754,10263,39831,697,0,0,1,666]},"pktlen": {"min":72,"avg":432.9,"max":1460,"stddev":553.5,"var":306346.9,"ent":4.0,"data": [80,80,72,589,72,1460,1460,310,72,72,72,152,164,350,72,72,72,343,343,142,72,72,72,103,72,1460,72,1445,1460,1445,1460,72]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,5,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,1,1,1,0],"entropies": [4.857011795,5.304952145,5.190349579,4.366506100,5.111409664,7.825345039,7.835193157,7.203350067,5.273682594,5.245904922,5.245904922,6.284915447,6.470990181,7.367970467,5.111409664,5.139187336,5.055853844,7.210521698,7.280154705,6.282705784,5.207642555,5.273682594,5.245904922,5.913538456,5.139187336,7.867059231,5.245904922,7.855923176,7.844721794,7.856983662,7.858796120,5.273682594]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687485783,"flow_dst_last_pkt_time":1605291687485783,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687485783,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687485783,"flow_dst_last_pkt_time":1605291687485783,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687485783,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ4AAAAAoAL9IP2VAAACBAWgBAIICruOxrcAAAAAAQMDBw=="}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2341,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687485783,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687512994,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRnoyfz12foBJXgAjWAAACBAV4AQMDAwQCCArC1z5Fu47Gtw=="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2342,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687513017,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687513017,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBAB+4zMAAABAQgKu47G0sLXPkU="}
-01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2343,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687513279,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBgB+yruAAABAQgKu47G08LXPkUWAwECAAEAAfwDA8gKXcgEK+eLAD0eAVBdxP494QtA9Q6J19dpsrnIF6s\/IJFjz4OkKAOopoyn1vDuvI+kyb3ehZCReTI9qtpTfphWACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAIwAhAAAec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0ABcAAP8BAAEAAAoACgAIKioAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACCM+kww4XBsO9uZgHbtPEkxRf\/Li4AsKAzJSNegqbyUJAAtAAIBAQArAAsKGhoDBAMDAwIDAQAbAAMCAAJqagABAAAVAL4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687513279,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"securepubads.g.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687514756,"flow_dst_last_pkt_time":1605291687514756,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687514756,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687514756,"flow_dst_last_pkt_time":1605291687514756,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687514756,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5MAAAAAoAL9IOSoAAACBAWgBAIICiRA7pIAAAAAAQMDBw=="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2350,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687545133,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRno2fz1+kgBALMIFtAAABAQgKwtc+abuOxtM="}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687514756,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687545133,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx0ItjeUoBJXgPGUAAACBAV4AQMDAwQCCArC1z5pJEDukg=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687545171,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687545171,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBAB+3WHAAABAQgKJEDuscLXPmk="}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2355,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687545503,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBgB+1xOAAABAQgKJEDuscLXPmkWAwECAAEAAfwDA6sAiYRVVUdNeU6qgV+6RMsMCIZAzjq+68NrjIRzdTDzIH6Nje53IGXhSc03yuiyvZsWos5mhh1w53jt4PUlCtOeACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGQAXAAAUcGxhdGZvcm0udHdpdHRlci5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIAjq9VoWgWPxpcjAD3ywxiF\/9WPMGppuo1idcmIeMRgoAC0AAgEBACsACwq6ugMEAwMDAgMBABsAAwIAAgoKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687545503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687552593,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687552593,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"securepubads.g.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2367,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687592583,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687592583,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx4ItjmZgBALMGodAAABAQgKwtc+mSRA7rE="}
-01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2382,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687606576,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291687606576,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01623{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2390,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687606628,"flow_dst_last_pkt_time":1605291687606672,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291687606672,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","tls": {"version":"TLSv1.2","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}}}
-02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2397,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687606682,"flow_dst_last_pkt_time":1605291687608302,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":978,"flow_dst_tot_l4_payload_len":10865,"midstream":0,"thread_ts_usec":1605291687608302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7852.2,"max":49462,"stddev":14324.2,"var":205184016.0,"ent":3.1,"data": [27211,27234,262,32139,7460,39332,541,0,528,9,1876,115,75,39448,325,0,11758,0,49462,14,229,1909,2,0,1682,24,5,95,52,1631,0]},"pktlen": {"min":72,"avg":442.6,"max":1460,"stddev":558.6,"var":312025.4,"ent":4.0,"data": [80,80,72,589,72,1460,72,1460,174,72,72,136,164,346,72,72,72,652,103,72,72,103,508,1460,1460,72,72,72,1460,72,1460,1460]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,1],"entropies": [4.882011414,5.229951859,5.245904922,4.668323040,5.111409664,7.823575497,5.218127251,7.840838909,6.577263832,5.273682594,5.245904922,6.141845703,6.526543617,7.249311924,5.028076172,5.028076649,5.028076172,7.620381832,5.685565948,5.134794235,5.107016563,5.797031403,7.461103439,7.863368988,7.879219532,5.218127251,5.218127251,5.218127251,7.865433216,5.218127251,7.849226475,7.844064713]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-01956{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2457,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687641122,"flow_dst_last_pkt_time":1605291687641103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1012,"flow_dst_tot_l4_payload_len":8292,"midstream":0,"thread_ts_usec":1605291687641122,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8152.0,"max":61125,"stddev":15844.6,"var":251049776.0,"ent":2.9,"data": [30377,30415,332,47450,13993,61125,95,1,0,49,10,2,3286,115,139,30628,2061,91,0,29231,1271,1309,181,374,3,2,1,161,6,3,2]},"pktlen": {"min":72,"avg":363.2,"max":1120,"stddev":425.8,"var":181298.7,"ent":4.1,"data": [80,80,72,589,72,1120,72,1120,1120,704,72,72,72,165,171,337,72,72,72,330,72,138,72,110,1120,1120,1120,1120,72,72,72,72]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1,1,1,0,0,0,0],"entropies": [4.882011890,5.254952908,5.245904922,4.537001133,5.045369625,6.921907902,5.119708538,7.178970814,7.321282864,7.568989754,5.190349579,5.162571907,5.096531868,5.980709553,6.354322433,7.210721493,5.083631516,5.139187336,5.111409664,7.047548294,5.218127251,6.254519463,5.162571907,5.573678017,7.803915977,7.831707001,7.839641571,7.817306042,5.245904922,5.245904922,5.245904922,5.245904922]}}
-01626{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2457,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687641122,"flow_dst_last_pkt_time":1605291687641103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1012,"flow_dst_tot_l4_payload_len":8292,"midstream":0,"thread_ts_usec":1605291687641122,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","tls": {"version":"TLSv1.2","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}}}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687642048,"flow_dst_last_pkt_time":1605291687642048,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687642048,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687642048,"flow_dst_last_pkt_time":1605291687642048,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687642048,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxgAAAAAoAL9IGTNAAACBAWgBAIICsL4XLwAAAAAAQMDBw=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687642048,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687676357,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuGDx7sZoBJXgGbFAAACBAV4AQMDAwQCCArC1z7qwvhcvA=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687676396,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687676396,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBAB++qzAAABAQgKwvhc38LXPuo="}
-01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2546,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687678071,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBgB+7zOAAABAQgKwvhc4MLXPuoWAwECAAEAAfwDA2DQ5OxREVO95xl1cBrII9zoe+SeXEyLTL2RY3d38wEfIDXqjNmx1LhM5R6ahoCjZqYoEOLjS9cTu1r8mF5O4+z+ACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMaGgAAAAAAHQAbAAAYd3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACC7Hzx8NSeckRnAno888LeBaZNAd1ZxsSahddbprKYQMwAtAAIBAQArAAsK6uoDBAMDAwIDAQAbAAMCAAIKCgABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2546,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687678071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687714410,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687714410,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuKDx70egBALMN9QAAABAQgKwtc\/EsL4XOA="}
-01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687721930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687721930,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687761761,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687761761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687761761,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687761761,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bcAAAAAoAL9IFSZAAACBAWgBAIIClvEqOkAAAAAAQMDBw=="}
-02169{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2589,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687769797,"flow_dst_last_pkt_time":1605291687770512,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":967,"flow_dst_tot_l4_payload_len":10018,"midstream":0,"thread_ts_usec":1605291687770512,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8264.9,"max":43870,"stddev":14337.0,"var":205550432.0,"ent":3.2,"data": [34309,34348,1675,38053,7520,1,0,43870,15,3,2990,179,332,37258,1,401,1,34144,24,176,2332,6921,9068,836,1,863,34,109,28,721,0]},"pktlen": {"min":72,"avg":415.8,"max":1280,"stddev":486.5,"var":236643.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,550,72,72,72,136,164,335,72,72,652,103,72,72,103,72,545,72,1280,1280,72,72,1280,72,1280,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,1,0,0,1,0,1,1],"entropies": [4.845952988,5.276736736,5.138828754,4.602811337,5.041796684,7.803936958,7.832890034,7.552286625,5.166606426,5.194384098,5.194384098,6.037216187,6.610102654,7.276579857,5.041796684,5.041796684,7.656215668,5.660604000,5.183899403,5.183899403,5.788832664,5.069574356,7.590582848,5.222161770,7.845970631,7.817458153,5.222161770,5.222161770,7.842357159,5.222161770,7.846263409,7.836318970]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2609,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687790624,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUg0Stm4oBJXgFBhAAACBAV4AQMDAwQCCArC1z9gW8So6Q=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2610,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687790646,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687790646,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBAB+9RVAAABAQgKW8SpBsLXP2A="}
-01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687790793,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBgB+28mAAABAQgKW8SpBsLXP2AWAwECAAEAAfwDA36LmdTGhSoOn80oilyfPNGRp5C4BlBBz5Xd3jcwfMKTIAaF+rCsUiCOU8bqK7O8i4N8LINKpStTbOqmpKKpf9E2ACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAFgAUAAARd3d3LmFheGRldGVjdC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIH6hi26DByeZiCnUzyO1ln0CmgKVhjsp0romzaxtOzIVAC0AAgEBACsACwqKigMEAwMDAgMBABsAAwIAApqaAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687790793,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.aaxdetect.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291687800179,"flow_dst_last_pkt_time":1605291687800179,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687800179,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687800179,"flow_dst_last_pkt_time":1605291687800179,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687800179,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8MAAAAAoAL9IICJAAACBAWgBAIICk1+jVUAAAAAAQMDBw=="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687820314,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687820314,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUk0Stu9gBALMMj9AAABAQgKwtc\/flvEqQY="}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687800179,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687829410,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkT\/jDfEoBJXgChEAAACBAV4AQMDAwQCCArC1z+HTX6NVQ=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687829478,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687829478,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBAB+6w4AAABAQgKTX6NcsLXP4c="}
-01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2647,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687829706,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBgB+6QUAAABAQgKTX6NcsLXP4cWAwECAAEAAfwDAzHyJHiw4CvySm\/wmMZSj93xjRQIb\/7lSao6BEVVselnIDSsTTPKNSgpPqgoZjsi0To1XtuBv2kZEOLdyhUMYBkRACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAHAAaAAAXc3luZGljYXRpb24udHdpdHRlci5jb20AFwAA\/wEAAQAACgAKAAiqqgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKaqqAAEAAB0AINkx20sEA6mpd6uYYzNH4dLwnJuropRMU+claKQ8nqNoAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAkpKAAEAABUAxQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2647,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687829706,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2651,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687852902,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687852902,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.aaxdetect.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2660,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291687858949,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687858949,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkX\/jDnJgBALMKDhAAABAQgKwtc\/pE1+jXI="}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687896532,"flow_dst_last_pkt_time":1605291687896532,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687896532,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687896532,"flow_dst_last_pkt_time":1605291687896532,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687896532,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetUAAAAAoAL9ICsYAAACBAWgBAIIClOdBf4AAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687931808,"flow_dst_last_pkt_time":1605291687931808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687931808,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687931808,"flow_dst_last_pkt_time":1605291687931808,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687931808,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0vYAAAAAoAL9ILpIAAACBAWgBAIICnCSuGYAAAAAAQMDBw=="}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2917,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687896532,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687932773,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPN32HrWoBJXgPVcAAACBAV4AQMDAwQCCArC1z\/tU50F\/g=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2918,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687932816,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687932816,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBAB+3lKAAABAQgKU50GIsLXP+0="}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2919,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687933001,"pkt":"qtsDr8lk5EKm5WPyht1gD27HAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBgB+23VAAABAQgKU50GIsLXP+0WAwECAAEAAfwDAxJYusyWMNRYvoQ+T4tcugZ+135RcPMs1\/0JBeRbWLApILhMdGMSectfNYNoyEPWiVIYjZ7g96RKtpDC\/RD8oUA2ACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAEQAPAAAMaWQucmxjZG4uY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACC0arZ4rxNjn4Xd+ejLnNmuK7Q67NTZpqnUAPkLrcpuSgAtAAIBAQArAAsKWloDBAMDAwIDAQAbAAMCAALa2gABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2919,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687933001,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"id.rlcdn.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687933355,"flow_dst_last_pkt_time":1605291687933355,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687933355,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687933355,"flow_dst_last_pkt_time":1605291687933355,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687933355,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6EoAAAAAoAL9IFfFAAACBAWgBAIICteKYnsAAAAAAQMDBw=="}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687934638,"flow_dst_last_pkt_time":1605291687934638,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687934638,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687934638,"flow_dst_last_pkt_time":1605291687934638,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687934638,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJAAAAAAoAL9ICibAAACBAWgBAIIClHJL\/gAAAAAAQMDBw=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2996,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687931808,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687966627,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoTRRdL3oBJXgGFBAAACBAV4AQMDAwQCCArC10AQcJK4Zg=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2997,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687966647,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687966647,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBAB++UvAAABAQgKcJK4icLXQBA="}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687966872,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBgB+zFNAAABAQgKcJK4icLXQBAWAwECAAEAAfwDA3WeIBLYdziEEn7QNz0OGHsUEusI6KY9\/RKF89EV1ileIBMHWJUBm+OFCD0sy0ylrulb4WElhpq\/dz7TuTzNb3wqACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFAASAAAPd3d3LnlvdXR1YmUuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACBnIwLwO9uU6L4jUM5auBmPbrs7aOwSFobkFewcQ7OAAwAtAAIBAQArAAsKCgoDBAMDAwIDAQAbAAMCAAIqKgABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687966872,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687933355,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687974700,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5XSRuhLoBJXgDDhAAACBAV4AQMDAwQCCArC10AQ14piew=="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3000,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687974700,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPR32HzbgBALMG3oAAABAQgKwtdAFVOdBiI="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3002,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687974730,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687974730,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBAB+7TJAAABAQgK14pipMLXQBA="}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687974969,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsAiUGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBgB+zY3AAABAQgK14pipMLXQBAWAwECAAEAAfwDA3sf7LZhCKu3FcQtfQQXpjU\/yJNKxK1Wu7mS7O\/nW0esIK9NcmR4uxEXTx0wl0DqrASosxQJ8d8M7I15cNDqZSjgACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGgAYAAAVc2VjdXJlLnF1YW50c2VydmUuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACBi6uz3bgjuw2Flzm3cT5QZ5PbRQ8kZgg4sjV4aUfzKPgAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAAIqKgABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687974969,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3007,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687934638,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687975138,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5ddGO8iRoBJXgMJGAAACBAV4AQMDAwQCCArC10AVUckv+A=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3009,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687975186,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687975186,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBAB+0YvAAABAQgKUckwIcLXQBU="}
-01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3014,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687975399,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBgB+6HOAAABAQgKUckwIcLXQBUWAwECAAEAAfwDAyyfGNXrQuJaooVOSAZWYwrICVdKySe7AfwbUmNJLrj6IPGtMcg+xk+\/4O6dPXPeOmaj7v3Le548CiQfbZu3tkOqACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAHQAbAAAYc2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACCtpKM+O77uTAjQEIT6uCXqvuLVOHqvZMFLfC1DKm+WSgAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAIaGgABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3014,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687975399,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3016,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687976086,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687976086,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"id.rlcdn.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3088,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291688019659,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688019659,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoXRRdT8gBALMNnKAAABAQgKwtdAO3CSuIk="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3092,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688020339,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688020339,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5bSRupQgBALMKljAAABAQgKwtdAPNeKYqQ="}
-01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291688024605,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688024605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291688025071,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688025071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5dhGO8qWgBALMDrJAAABAQgKwtdAQVHJMCE="}
-01254{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3113,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291688025072,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688025072,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3144,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688036417,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688036417,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01673{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3147,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688036418,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3364,"midstream":0,"thread_ts_usec":1605291688036418,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","tls": {"version":"TLSv1.2","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}}}
-01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3171,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291688046248,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688046248,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01746{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688046258,"flow_dst_last_pkt_time":1605291688046580,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3439,"midstream":0,"thread_ts_usec":1605291688046580,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","tls": {"version":"TLSv1.2","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}}}
-01998{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3293,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291688258109,"flow_dst_last_pkt_time":1605291688258300,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1296,"flow_dst_tot_l4_payload_len":10685,"midstream":0,"thread_ts_usec":1605291688258300,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":20958.0,"max":180245,"stddev":38814.9,"var":1506599424.0,"ent":3.3,"data": [41345,41375,239,45639,16078,1,0,61463,16,3,3880,365,125,94049,180245,10480,2,92307,53,428,5467,8019,1891,14882,15513,1,15533,36,263,0,1]},"pktlen": {"min":72,"avg":446.9,"max":1460,"stddev":554.6,"var":307585.9,"ent":4.0,"data": [80,80,72,589,72,1460,1460,660,72,72,72,198,171,330,330,72,346,141,72,72,110,72,72,110,72,1460,1460,72,72,1460,1460,1460]},"bins": {"c_to_s": [10,1,0,2,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1],"entropies": [5.270193100,5.621731281,5.459350586,4.656135082,5.421088219,6.918155670,7.356199741,7.583865643,5.431572914,5.431572914,5.348239899,6.523558617,6.440567493,7.245548248,7.233427525,5.403794765,7.155272961,6.347721100,5.459350586,5.459350586,5.820535183,5.393310547,5.355048180,6.026633739,5.409216881,7.855928898,7.870290756,5.487128258,5.459350586,7.867146015,7.870689869,7.867941856]}}
-01677{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3293,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291688258109,"flow_dst_last_pkt_time":1605291688258300,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1296,"flow_dst_tot_l4_payload_len":10685,"midstream":0,"thread_ts_usec":1605291688258300,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","tls": {"version":"TLSv1.2","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}}}
-02175{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3311,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291688275672,"flow_dst_last_pkt_time":1605291688275738,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1514,"flow_dst_tot_l4_payload_len":8800,"midstream":0,"thread_ts_usec":1605291688275738,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":22186.9,"max":168765,"stddev":38280.1,"var":1465366144.0,"ent":3.3,"data": [34819,34839,225,53032,4946,57771,466,0,0,435,8,5,3584,2043,379,91732,168765,1823,72847,231,970,1993,2727,14555,61747,2,76315,38,696,685,116]},"pktlen": {"min":72,"avg":394.8,"max":1280,"stddev":466.2,"var":217386.3,"ent":4.1,"data": [80,80,72,589,72,1280,72,1280,1280,272,72,72,72,136,164,477,477,72,652,72,103,72,103,72,72,813,1280,72,72,1280,72,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,1,1,0,0,1,0,1],"entropies": [4.855388641,5.336174011,5.166606426,4.455770016,5.107836723,7.809723854,5.222161770,7.834493160,7.853783131,7.186578274,5.194384098,5.194384098,5.222161770,6.074600697,6.474341869,7.424253941,7.412911415,5.135614395,7.636740208,5.081305027,5.736714840,5.107836723,5.719827175,5.194384098,5.063430309,7.714984417,7.833517075,5.166606426,5.204868793,7.844364166,5.194384098,7.833867073]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688324076,"flow_dst_last_pkt_time":1605291688324076,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688324076,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688324076,"flow_dst_last_pkt_time":1605291688324076,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688324076,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjQAAAAAoAL9INe7AAACBAWgBAIICn8mSwwAAAAAAQMDBw=="}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3358,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688336354,"flow_dst_last_pkt_time":1605291688336354,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688336354,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3358,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688336354,"flow_dst_last_pkt_time":1605291688336354,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688336354,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzgAAAAAoAL9IOr4AAACBAWgBAIICn8mSxgAAAAAAQMDBw=="}
-00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3372,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688344280,"flow_dst_last_pkt_time":1605291688344280,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688344280,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3372,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688344280,"flow_dst_last_pkt_time":1605291688344280,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688344280,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACgGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmAAAAAAoAL9ICpwAAACBAWgBAIICgi3lpgAAAAAAQMDBw=="}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688324076,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688365155,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k25KV6Y1oBJXgLbhAAACBAV4AQMDAwQCCArC10GYfyZLDA=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688365176,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688365176,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBAB+zrKAAABAQgKfyZLNcLXQZg="}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688365341,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBgB+7buAAABAQgKfyZLNcLXQZgWAwECAAEAAfwDA4SpSUX6niItAQ8Maifw8WwrZv9VwJth3ahSGxyzgKqiIJ+TN+GJohJ\/sCFH1vMdRLlZ2ieR3T3a5tv50MEc6iCkACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAFwAVAAASYWQuZG91YmxlY2xpY2submV0ABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACD\/3R8L0Iz+Y65v46jR4P68ZYP7Yr6kSULFXg4YFIANVgAtAAIBAQArAAsKenoDBAMDAwIDAQAbAAMCAAK6ugABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688365341,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3440,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688336354,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688370931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxA2CKc5oBJXgKoEAAACBAV4AQMDAwQCCArC10GjfyZLGA=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688370943,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688370943,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBAB+y30AAABAQgKfyZLOsLXQaM="}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688371089,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBgB+970AAABAQgKfyZLO8LXQaMWAwECAAEAAfwDAwgp1anJVpvxZgRnK\/Ii+gtEvGbJCYcqFRsrqueQf6vRIJCDNh4n+qlo6kd0ODvy\/AwDjBO0nZ+gYy2KZgyiYgg0ACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOamgAAAAAAFwAVAAASYWQuZG91YmxlY2xpY2submV0ABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACCaFYCIYTRmnTxfH8RhAM0mES96Hrj9vGr3nYL6Ox9VMwAtAAIBAQArAAsKGhoDBAMDAwIDAQAbAAMCAAKqqgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688371089,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3449,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688344280,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688371819,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9OJtD5hoBJXgGMHAAACBAV4AQMDAwQCCArC10GlCLeWmA=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688371834,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688371834,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBAB++b9AAABAQgKCLeWs8LXQaU="}
-01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688372055,"pkt":"qtsDr8lk5EKm5WPyht1gATUNAiUGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBgB+yzJAAABAQgKCLeWs8LXQaUWAwECAAEAAfwDA9hatQx\/QktbULCFc2FQNgXPGrp+qPvBQrE5NDlBZlE\/IMd+e8Lduh2\/OW58Rm5lIQBoGyh8j\/3MT9YMf0bL3Me3ACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUcnVsZXMucXVhbnRjb3VudC5jb20AFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKUpKAAEAAB0AIOhk20ZK7Hqhb4\/e3Kx4aK6U4Kcjb5InvqFomt\/cTww3AC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAtraAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688372055,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3505,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688397011,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688397011,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k29KV6g6gBALMC9uAAABAQgKwtdBun8mSzU="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3516,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688408044,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688408044,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxE2CKk+gBALMCKeAAABAQgKwtdBvn8mSzs="}
-01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3517,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688408044,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408044,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688408514,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408514,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3524,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688408515,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688408515,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9SJtEBmgBALMNufAAABAQgKwtdByQi3lrM="}
-01256{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688411963,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688411963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02177{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3794,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688488430,"flow_dst_last_pkt_time":1605291688495517,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1402,"flow_dst_tot_l4_payload_len":4278,"midstream":0,"thread_ts_usec":1605291688495517,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10832.1,"max":42730,"stddev":14959.8,"var":223794400.0,"ent":3.6,"data": [41079,41100,165,31856,11033,42730,469,1,470,25,2812,1299,93,34223,10205,1,40205,536,1458,1,938,16571,1,3,16547,20,17,4417,310,12670,24540]},"pktlen": {"min":72,"avg":250.0,"max":1460,"stddev":362.6,"var":131502.0,"ent":4.0,"data": [80,80,72,589,72,1460,72,1460,172,72,72,136,164,486,72,652,72,72,103,72,103,72,793,103,111,72,72,72,111,107,282,72]},"bins": {"c_to_s": [11,2,2,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1],"entropies": [4.857011318,5.329952717,5.273682594,4.540163040,5.139187336,7.843326092,5.273682594,7.862450600,6.539532185,5.273682594,5.273682594,6.134756088,6.541216850,7.446951866,5.166965008,7.636521339,5.100924969,5.273682594,5.932955742,5.111409664,5.777672768,5.263197899,7.737014294,5.703792095,5.962306976,5.301460266,5.329237938,5.329237938,6.057867527,5.878192425,7.107053280,5.166965008]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-01992{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3882,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688483940,"flow_dst_last_pkt_time":1605291688560007,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":4488,"midstream":0,"thread_ts_usec":1605291688560007,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":46567.4,"max":216552,"stddev":67587.7,"var":4568099328.0,"ent":3.6,"data": [29231,29299,228,29539,187299,216552,332,0,326,7,1815,188,30,70254,211900,6516,1,182884,58339,20162,41757,64,46,873,11694,10868,9898,6233,112514,128634,76106]},"pktlen": {"min":72,"avg":258.4,"max":1460,"stddev":353.4,"var":124913.6,"ent":4.1,"data": [80,80,72,589,72,1460,72,1460,735,72,72,198,171,362,362,72,72,72,172,72,314,72,116,72,110,110,72,72,72,531,72,338]},"bins": {"c_to_s": [9,1,0,3,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1],"entropies": [4.822575092,5.245516300,5.245904922,4.574756145,5.111409664,6.787540913,5.218127251,7.353115559,7.586227894,5.162571907,5.190349579,6.362659931,6.273279667,7.149994850,7.138213634,5.083631992,5.055854321,5.055854321,6.419822216,5.083631992,6.981730461,5.245904922,5.900056362,5.218127251,5.636374950,5.857635021,5.190349579,5.083631992,5.083631992,7.496485710,5.175263882,7.287763596]}}
-01749{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3882,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688483940,"flow_dst_last_pkt_time":1605291688560007,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":4488,"midstream":0,"thread_ts_usec":1605291688560007,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","tls": {"version":"TLSv1.2","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}}}
-00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688611238,"flow_dst_last_pkt_time":1605291688611238,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688611238,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688611238,"flow_dst_last_pkt_time":1605291688611238,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688611238,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z44AAAAAoAL9IIe6AAACBAWgBAIICvY2BR4AAAAAAQMDBw=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3908,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688611238,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688654248,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cTxd2ePoBJXgMFkAAACBAV4AQMDAwQCCArC10K+9jYFHg=="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3910,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688654303,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688654303,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBAB+0VLAAABAQgK9jYFScLXQr4="}
-01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3911,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688654612,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/AiUGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBgB+9l4AAABAQgK9jYFScLXQr4WAwECAAEAAfwDA46RLPCXby2v1fhhEaIIot6g8XiGmSWLgLgejrMgyw66ICkvsU+x9q1tILELIWe9u4V18z4rsB3VSuGPlE2gOpFxACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAHgAcAAAZY2RuLnN5bmRpY2F0aW9uLnR3aW1nLmNvbQAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp2toAAQAAHQAgkrvLnn5W3A5xznxU8nIj0ij8otKT8iVeuL\/XwL97plwALQACAQEAKwALClpaAwQDAwMCAwEAGwADAgAC2toAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3911,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688654612,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3996,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688695528,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688695528,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cXxd2mUgBALMDnoAAABAQgKwtdC5\/Y2BUk="}
-01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688705717,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605291688705717,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688712501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688712501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688712501,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688712501,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQQAAAAAoAL9IGnKAAACBAWgBAIICoWLJ5EAAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688749044,"flow_dst_last_pkt_time":1605291688749044,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688749044,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688749044,"flow_dst_last_pkt_time":1605291688749044,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688749044,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7IAAAAAoAL9ICgwAAACBAWgBAIICm3\/yPIAAAAAAQMDBw=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4156,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688754068,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqhUIR0FoBJXgNU8AAACBAV4AQMDAwQCCArC10MXhYsnkQ=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4158,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688754101,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688754101,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBAB+1kkAAABAQgKhYsnu8LXQxc="}
-01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4161,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688754330,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBgB+7qNAAABAQgKhYsnu8LXQxcWAwECAAEAAfwDAyXaTUGeswmyVM8\/Dl2Qf5fitrGFmVKyru8OELloUAwbIMUqQj\/L7tNTcV3UD9UpA2mjeLajzAaCv8lzw2\/F86fvACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGwAZAAAWc3RhdGljLmRvdWJsZWNsaWNrLm5ldAAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgkJbXOIyvxcmniIJLU3Qom4gz6w8\/FjW9fJVELvdvcGIALQACAQEAKwALCvr6AwQDAwMCAwEAGwADAgACWloAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4161,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688754330,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4267,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688749044,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688786435,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXPjQDuzoBJXgOVIAAACBAV4AQMDAwQCCArC10M\/bf\/I8g=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4268,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688786460,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688786460,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBAB+2k0AAABAQgKbf\/JGMLXQz8="}
-01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4269,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688786633,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBgB+9LpAAABAQgKbf\/JGMLXQz8WAwECAAEAAfwDAxslW\/nV6n4TSU+WU427vUmpkTBTAfJMCiXCjsW6jsM1IDI9pBtUEgNPXXn3m6DfkXTykQkxvHtW6AlECtSxtZwqACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AIOcwVI1IhWdfqyJF52U0JaQN9BKpJPL3krZ3EsrflGwKAC0AAgEBACsACwq6ugMEAwMDAgMBABsAAwIAAvr6AAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4269,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688786633,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4296,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688794873,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688794873,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqlUIR8KgBALME23AAABAQgKwtdDSoWLJ7s="}
-02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":4390,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688786771,"flow_dst_last_pkt_time":1605291688811895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1624,"flow_dst_tot_l4_payload_len":5905,"midstream":0,"thread_ts_usec":1605291688811895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":12135.2,"max":51136,"stddev":17866.3,"var":319203328.0,"ent":3.5,"data": [43010,43065,309,41280,10189,51136,400,38397,3509,41489,471,1,468,4,62,52,2291,169,102,38533,0,1,0,35978,9,3,58,5162,2233,17560,249]},"pktlen": {"min":72,"avg":307.8,"max":1280,"stddev":396.4,"var":157103.1,"ent":4.1,"data": [80,80,72,589,72,171,72,595,72,1280,72,1280,1280,72,72,409,72,146,164,459,72,327,327,168,72,72,72,103,72,72,103,1280]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,2,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1],"entropies": [5.156615734,5.498501778,5.447478771,4.680018902,5.305136681,6.159050465,5.343176365,5.095525742,5.322429657,7.814732552,5.475256443,7.833696365,7.860356808,5.419701099,5.436994553,7.369849682,5.475256443,6.433616161,6.626874924,7.528322220,5.360692024,7.254635811,7.262678146,6.541914940,5.447478771,5.475256443,5.447478771,6.000376225,5.388469696,5.360692024,5.934231758,7.832221508]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4414,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688813598,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688813598,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688830061,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688830061,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688830061,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688830061,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5AAAAAAoAL9IFwjAAACBAWgBAIICu7gTZEAAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4499,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688831210,"flow_dst_last_pkt_time":1605291688831210,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688831210,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4499,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688831210,"flow_dst_last_pkt_time":1605291688831210,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688831210,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+wAAAAAoAL9IM9TAAACBAWgBAIICkSadMcAAAAAAQMDBw=="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4508,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688833881,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688833881,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXTjQD24gBALMF3PAAABAQgKwtdDam3\/yRg="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4537,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688843899,"flow_dst_last_pkt_time":1605291688843899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688843899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4537,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688843899,"flow_dst_last_pkt_time":1605291688843899,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688843899,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/oAAAAAoAL9IC3PAAACBAWgBAIICjfz93gAAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688843948,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688843948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688843948,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688843948,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdYAAAAAoAL9IPghAAACBAWgBAIICjfz93gAAAAAAQMDBw=="}
-01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4539,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688848925,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688848925,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4815,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688843899,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688889230,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E2f1af7oBJXgOZHAAACBAV4AQMDAwQCCArC10OnN\/P3eA=="}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4816,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688889231,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZERbpSHXoBJXgPP1AAACBAV4AQMDAwQCCArC10OmN\/P3eA=="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4820,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688889272,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688889272,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBAB+2orAAABAQgKN\/P3psLXQ6c="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4821,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688889299,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688889299,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBAB+3fZAAABAQgKN\/P3psLXQ6Y="}
-01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4826,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688889651,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBgB+wBCAAABAQgKN\/P3psLXQ6cWAwECAAEAAfwDAznRqrI3BjpH0fMAjhWc3pmJOvHC\/\/j965\/A5lDlxh6gIDLxR7\/ypcsELHSllGpRYQ5lC32jGxm0ISoXtgzdDW32ACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAFgAUAAARZm9udHMuZ3N0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AILgo0nok9EKnwiVyB76v1YPllAYprQfO501YUPqbQH86AC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAtraAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4826,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889651,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4827,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688889830,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBgB+\/TaAAABAQgKN\/P3psLXQ6YWAwECAAEAAfwDAy7heESofJEzNLpKC6m4EcWF3nwglvjLt2LPUv7yUvYtICOazh2ftjIMIz\/UcLVP0+BLLLQerkGXc0LbFnQmwjmQACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFgAUAAARZm9udHMuZ3N0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAgaGgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKRoaAAEAAB0AINLvbr+LEAbtuJUEM5hwiBTekJnwVlsSGnoYC4BLgTo4AC0AAgEBACsACwoaGgMEAwMDAgMBABsAAwIAAhoaAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4827,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4856,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688893806,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfikiqr+RoBJXgDd0AAACBAV4AQMDAwQCCArC10OZ7uBNkQ=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4858,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688893841,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688893841,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBAB+7tFAAABAQgK7uBN0cLXQ5k="}
-01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688894065,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBgB+5EWAAABAQgK7uBN0cLXQ5kWAwECAAEAAfwDAw\/cwYtpk8EY2nFSet6HfhMTIva07YBjsHCyF\/EXCY4lIET\/tOg8vSE9lW4MNj+8zcNcKH9YOh6jVhMXDVw4Nj\/KACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAEgAQAAANeXQzLmdncGh0LmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgNH1NsmWXDLZE3tZCuT77ObLFazHLQDqNeh9VcGafUUsALQACAQEAKwALCrq6AwQDAwMCAwEAGwADAgACWloAAQAAFQDPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688894065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4865,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688831210,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688894545,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvaZMy7vtoBJXgIUlAAACBAV4AQMDAwQCCArC10OaRJp0xw=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4867,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688894570,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688894570,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBAB+wj4AAABAQgKRJp1BsLXQ5o="}
-02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":4882,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688895635,"flow_dst_last_pkt_time":1605291688895679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":990,"flow_dst_tot_l4_payload_len":9898,"midstream":0,"thread_ts_usec":1605291688895679,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9458.9,"max":62320,"stddev":17558.3,"var":308293920.0,"ent":3.0,"data": [37391,37416,173,47446,15044,0,62320,24,361,320,2535,232,269,39947,114,0,2294,39328,242,2903,2650,782,796,254,1,2,253,13,20,95,1]},"pktlen": {"min":72,"avg":412.8,"max":1280,"stddev":483.3,"var":233579.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,289,72,136,164,358,72,72,72,652,72,103,497,72,1280,72,1280,1280,1280,72,72,72,1280,292]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,0,1,1],"entropies": [4.742643356,5.251736641,5.156122208,4.431118965,5.052281380,7.795456409,7.833138943,5.183899879,5.183899879,7.222666740,5.183899879,6.136840343,6.526112080,7.291018963,5.080059052,5.080059052,5.107836723,7.666177273,5.098598480,5.762085438,7.464744568,5.183899879,7.830111027,5.156122208,7.819734097,7.865944386,7.829904556,5.128344536,5.156122208,5.100566864,7.822502613,7.162058353]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4885,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688895701,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBgB+10nAAABAQgKRJp1B8LXQ5oWAwECAAEAAfwDA7oV79R4wHgRAL7AbVXE9v058PsBigjvSIOLh78hsprPIH89NlzV0TnECw3jtHrFgKXeJLtftYSCOzC0pH+h068qACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAEAAOAAALaS55dGltZy5jb20AFwAA\/wEAAQAACgAKAAhqagAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKWpqAAEAAB0AIDrwMaG6jpMb0YufYlUyECjXCvQ2CIEExX7BF92xG1MCAC0AAgEBACsACwoqKgMEAwMDAgMBABsAAwIAAvr6AAEAABUA0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4885,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688895701,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5519,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688954910,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688954910,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E6f1aoAgBALMF7QAAABAQgKwtdDyDfz96Y="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5581,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688962330,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688962330,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfioiqsGWgBALMK\/YAAABAQgKwtdDzO7gTdE="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5584,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688962332,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688962332,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvadMy73ygBALMP2JAAABAQgKwtdDzUSadQc="}
-01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5588,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688963049,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5606,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688963101,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5607,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688963102,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688963102,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZEVbpSPcgBALMGx9AAABAQgKwtdDyDfz96Y="}
-01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688963103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5621,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688963145,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02150{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":5669,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291689005944,"flow_dst_last_pkt_time":1605291689006046,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":8982,"midstream":0,"thread_ts_usec":1605291689006046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11350.6,"max":68993,"stddev":22767.9,"var":518376128.0,"ent":2.8,"data": [63745,63780,224,68524,719,1,1,1,68993,14,7,6,49,23,8336,2581,2495,40185,1017,0,0,27807,170,1594,1,1430,17,147,0,1,0]},"pktlen": {"min":72,"avg":385.7,"max":1280,"stddev":459.2,"var":210886.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,1280,72,72,72,72,469,72,136,164,407,72,652,72,72,72,103,103,503,72,72,1280,1280,328,111]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,1,1],"entropies": [4.810268402,5.216053009,5.081305027,4.495285511,5.070961475,7.775168419,7.813756466,7.830919743,7.820947170,5.175122738,5.202900410,5.175122738,5.164638042,7.419659138,5.202900410,6.144525528,6.597908497,7.465239525,5.081446171,7.628419399,5.025890350,5.081446171,5.136860371,5.834997177,5.649486065,7.575581074,5.202900410,5.202900410,7.817056179,7.851086140,7.198029995,5.871317387]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":5691,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291689013039,"flow_dst_last_pkt_time":1605291689013078,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1086,"flow_dst_tot_l4_payload_len":9699,"midstream":0,"thread_ts_usec":1605291689013078,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":10913.5,"max":73480,"stddev":20451.9,"var":418282080.0,"ent":3.0,"data": [45331,45373,379,65680,8193,73480,42,0,21,5,12589,926,174,173,41157,1595,28896,105,3348,1,0,3744,1,0,1,6991,22,3,3,85,1]},"pktlen": {"min":72,"avg":409.5,"max":1280,"stddev":484.5,"var":234727.2,"ent":4.1,"data": [80,80,72,589,72,1280,72,1280,341,72,72,136,164,373,153,72,652,72,103,72,72,72,466,1280,1280,1280,72,72,72,72,1280,1280]},"bins": {"c_to_s": [11,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1],"entropies": [4.855388641,5.270608902,5.232646942,4.480056286,5.091208458,7.815004349,5.193278790,7.850385666,7.281913757,5.248834610,5.137723923,6.052643776,6.521836281,7.361442566,6.438180447,5.052281380,7.594014645,5.288202286,5.794967651,5.135614395,5.191169739,5.137001514,7.486030579,7.839892864,7.804619789,7.849721909,5.260424614,5.260424614,5.288202286,5.277717590,7.826467514,7.832191467]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":5714,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291689029453,"flow_dst_last_pkt_time":1605291689029440,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1007,"flow_dst_tot_l4_payload_len":10130,"midstream":0,"thread_ts_usec":1605291689029453,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":12789.5,"max":67787,"stddev":22343.4,"var":499229344.0,"ent":3.2,"data": [63335,63360,1131,67787,769,1,1,67414,6,6,11732,1751,188,41623,368,28482,452,4153,0,1923,5466,17937,17942,106,77,226,1,0,0,229,7]},"pktlen": {"min":72,"avg":420.5,"max":1280,"stddev":488.8,"var":238946.4,"ent":4.1,"data": [80,80,72,589,72,1280,1280,751,72,72,72,136,164,375,72,652,72,103,72,72,103,72,456,72,1280,72,1280,1280,1280,1280,72,72]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,0,0],"entropies": [4.855387688,5.286172390,5.166606426,4.403482437,5.097352028,7.810871601,7.864149094,7.683444977,5.164638042,5.232646465,5.288201809,6.259301662,6.552115440,7.385071278,5.107836723,7.668366432,5.149313450,5.867877483,5.069574356,5.080059052,5.803856373,5.204868793,7.481070042,5.260424137,7.860325813,5.260424137,7.834439754,7.818997860,7.817288876,7.835785389,5.232646465,5.260424137]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689408040,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291689408040,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689408040,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291689408040,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYYAAAAAoAL9IMRnAAACBAWgBAIICql08xMAAAAAAQMDBw=="}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7110,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291689433785,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cETj6GHoBJXgAFCAAACBAV4AQMDAwQCCArC10XLqXTzEw=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7111,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1605291689433808,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291689433808,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBAB+4U5AAABAQgKqXTzLcLXRcs="}
-01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291689434011,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBgB++8gAAABAQgKqXTzLcLXRcsWAwECAAEAAfwDA6RBXFL39VgIijsWwJFOltTc3vBqkkKxNvmogVMM7+5TILt5Vv+iuY3iWQRNNnRaBO\/M2VarJ+AOmhROa9hHR21oACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFwAVAAASZ2F0ZXdheS5yZWRkaXQuY29tABcAAP8BAAEAAAoACgAImpoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmamgABAAAdACALvUrkozxMntRnju+5MswRTyImrHAw8nJkdOYI+WcPaQAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJaWgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291689434011,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8668,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689577974,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291689577974,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cITj6OMgBALMHnhAAABAQgKwtdF6al08y0="}
-01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8671,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689577976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291689577976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8678,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689578012,"flow_dst_last_pkt_time":1605291689578047,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291689578047,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}}
-01959{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":8914,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689629927,"flow_dst_last_pkt_time":1605291689672104,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1710,"flow_dst_tot_l4_payload_len":4392,"midstream":0,"thread_ts_usec":1605291689672104,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15675.8,"max":144189,"stddev":36484.9,"var":1331146624.0,"ent":2.7,"data": [25745,25768,203,144189,2,0,143997,4,71,1,41,7,2508,597,1253,49737,1,0,1,45397,18,103,1,65,704,437,888,38392,2516,1067,2238]},"pktlen": {"min":72,"avg":263.2,"max":1120,"stddev":320.8,"var":102914.8,"ent":4.2,"data": [80,80,72,589,72,1120,1120,72,72,1120,587,72,72,165,171,471,72,72,330,138,72,72,72,439,72,110,566,142,72,72,72,114]},"bins": {"c_to_s": [9,1,2,1,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,1,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1],"entropies": [4.857011795,5.259831905,5.179864883,4.529115200,5.055853844,6.908260822,7.364731312,5.245904922,5.218127251,7.327914715,7.541935444,5.162571907,5.218127251,6.139030457,6.351455688,7.439690113,5.166965008,5.139187336,7.125073433,6.245332241,5.235420227,5.273682594,5.139187336,7.450459003,5.273682594,5.556783676,7.574505329,6.164192200,5.085018635,5.139187336,5.139187336,5.963419437]}}
-01566{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8914,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689629927,"flow_dst_last_pkt_time":1605291689672104,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1710,"flow_dst_tot_l4_payload_len":4392,"midstream":0,"thread_ts_usec":1605291689672104,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690373466,"flow_dst_last_pkt_time":1605291690373466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690373466,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690373466,"flow_dst_last_pkt_time":1605291690373466,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690373466,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2UAAAAAoAL9IFr7AAACBAWgBAIIClRf7UgAAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690384370,"flow_dst_last_pkt_time":1605291690384370,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690384370,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690384370,"flow_dst_last_pkt_time":1605291690384370,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690384370,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDEAAAAAoAL9IAqWAAACBAWgBAIICgxmJysAAAAAAQMDBw=="}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9082,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690373466,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690396189,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl4+krtmoBJXgDq4AAACBAV4AQMDAwQCCArC10mNVF\/tSA=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9083,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690396234,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690396234,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBAB+76yAAABAQgKVF\/tX8LXSY0="}
-01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9084,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690396643,"pkt":"qtsDr8lk5EKm5WPyht1gB68TAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBgB+zbbAAABAQgKVF\/tX8LXSY0WAwECAAEAAfwDA64SJmrzxm107yvjOKaI1Pu1cjYSBc\/95exz0rjqcLhjILOfYHr0cqvSKZIJSl3WjM8QRUOiyuVNGA\/I6TMdHCRqACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAGAAWAAATYWRzZXJ2aWNlLmdvb2dsZS5mcgAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAg3\/\/2kWIRuw+qhxFZZt2KiDOELUjK40mC0jcHETc2SkcALQACAQEAKwALCrq6AwQDAwMCAwEAGwADAgAC2toAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9084,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690396643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9086,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690384370,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690402898,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOmbspwyoBJXgGsCAAACBAV4AQMDAwQCCArC10mUDGYnKw=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9087,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690402927,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690402927,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBAB++8BAAABAQgKDGYnPcLXSZQ="}
-01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9088,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690403285,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBgB+\/ThAAABAQgKDGYnPsLXSZQWAwECAAEAAfwDA4n27fFOQ6rPQPzYRqsTa+ksdP+rX8jQfVLwbnF3RpAXIBwq2w1JrwHlb\/2ndJG1eusXeLh3OPImRURXIKxQ06mYACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGQAXAAAUYWRzZXJ2aWNlLmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAhqagAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKWpqAAEAAB0AIA4zyVNHsOh16GCQNKxzMVItdEoHGWpyv6xL6OCprXNaAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAkpKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9088,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690403285,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690405354,"flow_dst_last_pkt_time":1605291690405354,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690405354,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690405354,"flow_dst_last_pkt_time":1605291690405354,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690405354,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15YAAAAAoAL9IOjCAAACBAWgBAIICgKUPwEAAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690421002,"flow_dst_last_pkt_time":1605291690421002,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690421002,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690421002,"flow_dst_last_pkt_time":1605291690421002,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690421002,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYMAAAAAoAL9IIEIAAACBAWgBAIICl8E6ogAAAAAAQMDBw=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9091,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690433317,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690433317,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl8+kr1rgBALMLNSAAABAQgKwtdJs1Rf7V8="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9092,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690440083,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690440083,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOqbsp43gBALMOOjAAABAQgKwtdJtwxmJz4="}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9093,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690405354,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690440084,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx++bDteXoBJXgLoLAAACBAV4AQMDAwQCCArC10m3ApQ\/AQ=="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690440123,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690440123,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBAB+z36AAABAQgKApQ\/JMLXSbc="}
-01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9095,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690440589,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBgB+yZ+AAABAQgKApQ\/JMLXSbcWAwECAAEAAfwDAzHDxH8OuokaXnmRWM2CrbjAfCHYM2BC4ANSO6awxT1HIBoNB1TgmMo5CTve1OPkdOp8A4hHU4yRFabWOk7A1qHlACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAHwAdAAAaYWF4LWV1LmFtYXpvbi1hZHN5c3RlbS5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIEwwmHcuEXQApsPC5EO8tn5U4uHYbi4IBrp\/HgLH72EYAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAgoKAAEAABUAwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9095,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690440589,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9096,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690448852,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690448852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9098,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690421002,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690449108,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUOc0w2EoBJXgGkiAAACBAV4AQMDAwQCCArC10m3XwTqiA=="}
-01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9099,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690449109,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690449109,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690449141,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690449141,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBAB++0WAAABAQgKXwTqpcLXSbc="}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690449801,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBgB+08XAAABAQgKXwTqpcLXSbcWAwECAAEAAfwDAxCE81jPge8Q+eqa2\/VX8jLyZJaHeUn1XbD4+8ZfZCrNIP1iGayHUC21LtXXhZv4JDAqZ2p5lGfiZ6mCAOAtx5YLACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAARQBDAABAOGE3NTVhM2ZlZjBiMTg5ZDhhYjViMGQxMDc1OGY2OGEuc2FmZWZyYW1lLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACOrqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp6uoAAQAAHQAg8Yk1cLvPAYaln8LnFtEe1h9mnh8DzZmOv04zXf8MiXgALQACAQEAKwALCmpqAwQDAwMCAwEAGwADAgACGhoAAQAAFQCcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690449801,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9120,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690482348,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690482348,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx\/CbDtmcgBALMDKbAAABAQgKwtdJ3AKUPyQ="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9121,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690482349,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690482349,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUSc0w+JgBALMOG0AAABAQgKwtdJ318E6qU="}
-01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9134,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690483975,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690483975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690501383,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1605291690501383,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01610{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9166,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690502241,"flow_dst_last_pkt_time":1605291690502750,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5440,"midstream":0,"thread_ts_usec":1605291690502750,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B"}}}
-02154{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":9174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690495032,"flow_dst_last_pkt_time":1605291690511816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":5622,"midstream":0,"thread_ts_usec":1605291690511816,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":7680.9,"max":45875,"stddev":12464.9,"var":155373568.0,"ent":3.4,"data": [18528,18557,358,37185,9026,1,2,1,45875,10,14,14,8672,419,266,33620,1,89,1151,1,25433,25,482,7313,1,1,6808,24,7,3698,20526]},"pktlen": {"min":72,"avg":280.1,"max":1280,"stddev":371.7,"var":138197.8,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1],"entropies": [4.830388546,5.286173820,5.175123215,4.582562923,5.135614395,7.820514202,7.848834991,7.840905190,7.029392242,5.204868793,5.232646465,5.232646465,5.232646465,6.256432056,6.550828457,7.277585983,5.097352028,5.107836723,5.107836723,7.629249096,5.686814308,5.260424137,5.260424137,5.854413509,7.698106289,7.556940079,5.871694088,5.222162247,5.166606903,5.166606903,5.962721825,5.004921436]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02176{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":9193,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690527565,"flow_dst_last_pkt_time":1605291690527527,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1054,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291690527565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":6873.8,"max":34221,"stddev":11275.4,"var":127133528.0,"ent":3.4,"data": [28106,28139,660,33241,1626,34221,71,30,636,643,4625,213,224,27018,3512,25468,241,4283,1409,5453,77,6348,1,0,6424,34,8,196,1,158,22]},"pktlen": {"min":72,"avg":323.8,"max":1280,"stddev":408.2,"var":166632.7,"ent":4.1,"data": [80,80,72,589,72,1280,72,1280,72,534,72,136,164,422,72,652,72,103,72,103,72,72,482,1280,1280,72,72,72,704,111,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0],"entropies": [4.750831604,5.256616592,5.147345066,5.037306786,5.025890827,7.794999599,5.175122738,7.849133015,5.175122738,7.594861984,5.147345066,6.103534698,6.601645947,7.415776730,5.023922443,7.687021732,5.175123215,5.854413509,4.959850788,5.758662224,5.147345066,5.053668499,7.493776798,7.824415684,7.830970287,5.175122738,5.175122738,5.147345066,7.700448990,5.878117561,5.175122738,5.175122738]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690926655,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926655,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690926655,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926655,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dQAAAAAoAL9IKwyAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690926734,"flow_dst_last_pkt_time":1605291690926734,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926734,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926734,"flow_dst_last_pkt_time":1605291690926734,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926734,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReQAAAAAoAL9IG1mAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690926769,"flow_dst_last_pkt_time":1605291690926769,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926769,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926769,"flow_dst_last_pkt_time":1605291690926769,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926769,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s24AAAAAoAL9IHV1AAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690926802,"flow_dst_last_pkt_time":1605291690926802,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926802,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926802,"flow_dst_last_pkt_time":1605291690926802,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926802,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOkAAAAAoAL9INfoAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690926830,"flow_dst_last_pkt_time":1605291690926830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926830,"flow_dst_last_pkt_time":1605291690926830,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926830,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFQAAAAAoAL9IB2IAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690926867,"flow_dst_last_pkt_time":1605291690926867,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926867,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926867,"flow_dst_last_pkt_time":1605291690926867,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926867,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygYAAAAAoAL9IOOcAAACBAWgBAIICqpUDK0AAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9285,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690926912,"flow_dst_last_pkt_time":1605291690926912,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926912,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9285,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926912,"flow_dst_last_pkt_time":1605291690926912,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926912,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtsAAAAAoAL9IO7kAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9286,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690926944,"flow_dst_last_pkt_time":1605291690926944,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926944,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9286,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926944,"flow_dst_last_pkt_time":1605291690926944,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926944,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns154AAAAAoAL9IJ6VAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9287,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690926978,"flow_dst_last_pkt_time":1605291690926978,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926978,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9287,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926978,"flow_dst_last_pkt_time":1605291690926978,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926978,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUEAAAAAoAL9IA5NAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9288,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690926998,"flow_dst_last_pkt_time":1605291690926998,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926998,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9288,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926998,"flow_dst_last_pkt_time":1605291690926998,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926998,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyUAAAAAoAL9ILYPAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9293,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690952219,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefV\/3l9HVoBJXgDRiAAACBAV4AQMDAwQCCArC10u2GsMWnw=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9294,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690952238,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690952238,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBAB+7hZAAABAQgKGsMWucLXS7Y="}
-01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9298,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690953297,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBgB+1vDAAABAQgKGsMWusLXS7YWAwECAAEAAfwDA96WEVYjbITPXvxDhOji6nCQdC0KhgTdN6+o+9OqeXt9IDI6n9jVTXE+7b4jG8xDV1LuLRTUARgCyh8fXh42V1VjACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACC0+5SyJ2jt8tT3w+Is8x7czlNEdFH4IL1ppCYO49RWZwAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAKKigABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9298,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690953297,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9300,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926734,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690954541,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltPCUkXloBJXgMhIAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9301,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954562,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954562,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBAB+0w+AAABAQgKGsMWu8LXS70="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9302,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926769,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690954643,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9ZMt7NvoBJXgClQAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9303,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926802,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690954643,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6vQxszqoBJXgBZ9AAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9304,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954649,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954649,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBAB+61FAAABAQgKGsMWu8LXS70="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9305,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954655,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954655,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBAB+5pyAAABAQgKGsMWu8LXS70="}
-01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9306,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690954747,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBgB+8dGAAABAQgKGsMWu8LXS70WAwECAAEAAfwDA3+7YXN8uULghjn9Yx4k2QYB36376hmbrRggZ0eXr\/9+IP2iD+DA1k36xX9GOoNszd6eNYaj3dekN9x\/XE8bE1dIACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIOjoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACk6OgABAAAdACBER8lo38zcpkmaCPLiXoa6+JDbprOR\/VESBxZzwiOrBgAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJaWgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9306,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9307,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690954937,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBgB+yg+AAABAQgKGsMWu8LXS70WAwECAAEAAfwDAwV9PSLZiieFTsrwb5ePEiAq+zIrQhR0EBkPYuTZcw2xIK9+Ya8AvxlseoGAhp8z2wcy4GRd\/2tgmLnTQoGAr7lmACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACCDMYORaya1YaUyb39J38cNu+oTtZdlNYXEhdiyzjyDBAAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAALKygABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9307,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954937,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9308,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955129,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBgB+8QTAAABAQgKGsMWvMLXS70WAwECAAEAAfwDA9NQXnr9EPQV5HU7sHg21zD\/k9mVMQCLGTscCRIJvvLdIGZv95UrdgGMWa\/TkNOulH2VrZ4BEKc4CasnxiGwlqMaACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACBaC+dtrwuc9yhJo5wqXEwHFEsHVbwYnP6Z3gN8xzV+DwAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAAJqagABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9308,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9309,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926830,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690955375,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6eczuyRVoBJXgHLsAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9310,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690955404,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690955404,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBAB+\/bgAAABAQgKGsMWvMLXS70="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9311,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926867,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690955522,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2llkCsoHoBJXgJ6iAAACBAV4AQMDAwQCCArC10u9qlQMrQ=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9312,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690955530,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690955530,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBAB+yKXAAABAQgKqlQMysLXS70="}
-01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9313,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955637,"pkt":"qtsDr8lk5EKm5WPyht1gClWEAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBgB+4TBAAABAQgKGsMWvMLXS70WAwECAAEAAfwDAyJmBycAvyCH8SnNB2CBC3yfxoIM+Ymce0POg8ZwpXtBIH9PfR9yCxA5tGPPT4cExrc3Qkmd4YTExNykGp6bEZH3ACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACA6eb9HkRnUV512a5EvGRTLrw7IdAlKbphWjXQpKHePSAAtAAIBAQArAAsK2toDBAMDAwIDAQAbAAMCAAKqqgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9313,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9314,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955751,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBgB+7ghAAABAQgKqlQMysLXS70WAwECAAEAAfwDA0MhDCfgcZQW\/qt2QzKimm0T\/Isca8JmVqeJQDbrvBrqINQ4uQD4cMulecpeDh4RGq5zfSr3G28+STtUMIilUyfGACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGQAXAAAUZm9udHMuZ29vZ2xlYXBpcy5jb20AFwAA\/wEAAQAACgAKAAiqqgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKaqqAAEAAB0AIKLIRrB\/9d\/081INPFyx1jcz47jhpMuBOz2amAM9LokCAC0AAgEBACsACwqKigMEAwMDAgMBABsAAwIAAsrKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9314,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955751,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9315,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926912,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690956447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8or4r7coBJXgC2BAAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9316,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926944,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690956447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkJjbNefoBJXgN3ZAAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9317,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690956458,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690956458,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBAB+7F0AAABAQgKuJU7UsLXS74="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690956464,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690956464,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBAB+2HNAAABAQgKuJU7UsLXS74="}
-01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9319,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690956563,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBgB+weLAAABAQgKuJU7UsLXS74WAwECAAEAAfwDA\/KqVcb+jqsuy+pc9KilYVgZAEzQ86cjwq67GKq7nQtaIOrgXduV1ht3HJ4NSaQ01nhk1SGFsiLuJ4S0a7eBU0YJACCKihMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACAoKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApCgoAAQAAHQAgQy2WiyCHDU6V4a0QbWLV7\/15JREGysw3jo2qrGJjK34ALQACAQEAKwALCqqqAwQDAwMCAwEAGwADAgACCgoAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9319,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956563,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9320,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690956668,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBgB+7CTAAABAQgKuJU7UsLXS74WAwECAAEAAfwDA4K6LYgb9peQAaC+yGKSfQ44ncZ84XdNSq8PqNFo+UyoIJHCilmb8BVAxV8SeOqltgKl5o0ytImnEj4UpvBg7WThACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgMcGXgSTPtAvtHwaBrppAs1ogUhPlYdie8\/zN2rMve0cALQACAQEAKwALCkpKAwQDAwMCAwEAGwADAgACiooAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9320,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956668,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9321,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926998,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690957467,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi4YaAsmoBJXgA33AAACBAV4AQMDAwQCCArC10u\/uJU7NA=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9322,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926978,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690957467,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3meEC1CoBJXgOW1AAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9323,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690957477,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690957477,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBAB+5HpAAABAQgKuJU7U8LXS78="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9324,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690957484,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690957484,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBAB+2moAAABAQgKuJU7U8LXS74="}
-01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9325,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690957577,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBgB+\/1RAAABAQgKuJU7U8LXS78WAwECAAEAAfwDA65NQ9z+8vgCXkINXWcIT6WxgXSerIkD30OtzZ9Uf8RRIDWtk7CyEcZiHB5uWIXfY5Croj84Q3kSS9jhYTHY4t\/XACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgAZPl\/EpHfkyE8GocRMfQRm6hqCG5SYQknfR1D0l4PTwALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACKioAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9325,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9326,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690957682,"pkt":"qtsDr8lk5EKm5WPyht1gB5miAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBgB+673AAABAQgKuJU7U8LXS74WAwECAAEAAfwDA+YyRlzceVtjHpKgho8tByOApAEJPG4M0zvRjAEsHgJBIF8\/qPM2GhQmlTMTYTjE9hyVNZH92oU6Aa5vM+YWAZkYACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACKqqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApqqoAAQAAHQAgklNVX2zbnVcJGiMo7ZekGZnIRwL3wUnQ0+pmG+dpG2cALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACmpoAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9326,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957682,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9329,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690983708,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690983708,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefWD3l9PagBALMKz6AAABAQgKwtdL2hrDFro="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9342,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690987243,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690987243,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltTCUkfqgBALMEDkAAABAQgKwtdL3RrDFrs="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9343,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690989609,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690989609,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9dMt7V0gBALMKHqAAABAQgKwtdL3hrDFrs="}
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690990862,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690990862,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9355,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690991527,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690991527,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6zQxs7vgBALMI8TAAABAQgKwtdL4RrDFrw="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9356,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690992341,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690992341,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6egzuyZagBALMOuCAAABAQgKwtdL4RrDFrw="}
-00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291690992851,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690992851,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291690992851,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690992851,"pkt":"qtsDr8lk5EKm5WPyht1gDPazACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGcAAAAAoAL9IIFCAAACBAWgBAIICriVO3YAAAAAAQMDBw=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9358,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690993446,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690993446,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2lpkCswMgBALMBc4AAABAQgKwtdL4qpUDMo="}
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9359,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690994995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690994995,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9373,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690996121,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690996121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9386,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690996246,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690996246,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8sr4sDhgBALMKYUAAABAQgKwtdL5LiVO1I="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9388,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690996826,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690996826,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkNjbNmkgBALMFZsAAABAQgKwtdL5biVO1I="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9390,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690998160,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690998160,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3qeEC9HgBALMF5GAAABAQgKwtdL5riVO1M="}
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9391,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690998161,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690998161,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9392,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690998162,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690998162,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi8YaA0rgBALMIaIAAABAQgKwtdL5riVO1M="}
-01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690999060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690999503,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291691002443,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691002443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291691003085,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003085,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291691003087,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003087,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291691004686,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691004686,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291691029572,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQbO1037mLrsxooBJXgErvAAACBAV4AQMDAwQCCArC10wIuJU7dg=="}
-00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9476,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"thread_ts_usec":1605291691029601,"pkt":"qtsDr8lk5EKm5WPyht1gBfK\/ABQGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGgAAAAAUAQAANo6AAA="}
-02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":9501,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291691043702,"flow_dst_last_pkt_time":1605291691043566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1291,"flow_dst_tot_l4_payload_len":11382,"midstream":0,"thread_ts_usec":1605291691043702,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7547.0,"max":42183,"stddev":12243.2,"var":149896752.0,"ent":3.3,"data": [25564,25583,1059,31489,7154,1,37586,36,127,1,1,0,1,87,28,7124,13598,568,199,42183,2,20688,340,10112,7,263,1,3,2,10101,50]},"pktlen": {"min":72,"avg":468.5,"max":1280,"stddev":513.4,"var":263601.8,"ent":4.2,"data": [80,80,72,589,72,1280,1280,72,72,1280,1280,1280,1280,220,72,72,136,164,342,389,72,652,72,103,72,72,72,1062,1280,1280,72,72]},"bins": {"c_to_s": [10,0,2,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,0,0],"entropies": [4.825832367,5.281616688,5.136860847,4.553145885,5.043183804,7.811286926,7.839466095,5.164638519,5.164638519,7.864381790,7.859279633,7.843964577,7.841698170,6.810353279,5.109083176,5.136860847,6.135817528,6.436379910,7.296087742,7.276475906,5.025890350,7.637989998,5.136860847,5.737908840,5.098739147,5.043183804,5.070961475,7.799327850,7.850948334,7.827920914,5.136860847,5.136860847]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02175{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":9585,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291691067608,"flow_dst_last_pkt_time":1605291691069122,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":6622,"midstream":0,"thread_ts_usec":1605291691069122,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9126.0,"max":45897,"stddev":14144.4,"var":200064000.0,"ent":3.4,"data": [29535,29546,105,39799,6197,1,1,45897,20,10,16645,7440,877,217,45409,188,20393,461,14689,1873,1,1,16098,2949,2,0,2950,29,8,1564,1]},"pktlen": {"min":72,"avg":320.9,"max":1280,"stddev":398.4,"var":158685.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,1,1,0,1,1,1,0,0,0,1,1],"entropies": [4.860268116,5.316052437,5.175122738,4.626070023,5.053668499,7.798489094,7.858765125,7.213901043,5.175122738,5.175122738,5.136860371,6.074123383,6.494878292,7.385508060,7.250154495,4.998777390,7.691906452,5.175122738,5.820339203,5.053668022,5.765991211,5.015406132,5.015406132,5.147345066,7.610651970,7.403194427,6.718353748,5.175122738,5.175122738,5.114727020,7.829133987,7.837005138]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-02173{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":9629,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291691075065,"flow_dst_last_pkt_time":1605291691075150,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":5335,"midstream":0,"thread_ts_usec":1605291691075150,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9563.9,"max":43801,"stddev":13475.5,"var":181588928.0,"ent":3.6,"data": [28655,28663,221,37924,6057,43801,75,33,588,595,16415,9761,878,43789,3898,20653,579,14876,1700,0,16044,10542,2,1,1,10492,40,13,10,172,3]},"pktlen": {"min":72,"avg":270.1,"max":1280,"stddev":336.6,"var":113301.5,"ent":4.2,"data": [80,80,72,589,72,1280,72,1280,72,572,72,136,164,355,72,652,72,103,72,103,72,72,531,897,272,357,72,72,72,72,111,72]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,1,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,1,1],"entropies": [4.786516666,5.247180939,5.070820332,4.566688538,5.043183804,7.807061672,5.053527355,7.847422123,5.025749683,7.577804089,5.043042660,6.031175137,6.392292976,7.341467381,4.977143764,7.597589493,5.081305027,5.788832188,5.004921436,5.547259808,5.015406132,5.081305027,7.471312523,7.741707325,7.060866833,7.323482037,5.109082699,5.109082699,5.064012051,5.053527355,5.763209343,5.043183804]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696948991,"flow_dst_last_pkt_time":1605291696948991,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291696948991,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1605291696948991,"flow_dst_last_pkt_time":1605291696948991,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291696948991,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBQAAAAAoAL9IL45AAACBAWgBAIIClIhuaMAAAAAAQMDBw=="}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11227,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1605291696948991,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291696965238,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxV4xygVoBJXgPOCAAACBAV4AQMDAwQCCArC12M3UiG5ow=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11228,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1605291696965302,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291696965302,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBAB+3eDAAABAQgKUiG5tMLXYzc="}
-01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11229,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291696965939,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBgB+wO1AAABAQgKUiG5tMLXYzcWAwECAAEAAfwDAwHqoerYjfOaFlsdXktRRD3igdgx3qxQ0CcSKew4vtFlIIbnh\/g\/aalJEnrSSRBrTzEV6+fgBkXEzuoX27iz\/grEACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOKigAAAAAAGAAWAAATZDkuZmxhc2h0YWxraW5nLmNvbQAXAAD\/AQABAAAKAAoACMrKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApysoAAQAAHQAgPbO2qWewDD8TkBGwdmJPtUCWKvxNvYBt\/Ur80maJ31sALQACAQEAKwALCgoKAwQDAwMCAwEAGwADAgACWloAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11229,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291696965939,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11230,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291697012854,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291697012854,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxZ4xyoagBALMGwaAAABAQgKwtdjZlIhubQ="}
-01253{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11233,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291697033621,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291697033621,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01666{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11239,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291697033689,"flow_dst_last_pkt_time":1605291697034463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5484,"midstream":0,"thread_ts_usec":1605291697034463,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","tls": {"version":"TLSv1.2","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3"}}}
-01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688896703,"flow_dst_last_pkt_time":1605291688963146,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1029,"flow_dst_tot_l4_payload_len":9937,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690495032,"flow_dst_last_pkt_time":1605291690520906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":5622,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":346,"flow_dst_packets_processed":436,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291688963112,"flow_dst_last_pkt_time":1605291688963101,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6288,"flow_src_tot_l4_payload_len":2635,"flow_dst_tot_l4_payload_len":593653,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":53,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291691251514,"flow_dst_last_pkt_time":1605291691284111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2470,"flow_src_tot_l4_payload_len":1613,"flow_dst_tot_l4_payload_len":35472,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291691053408,"flow_dst_last_pkt_time":1605291691053353,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3236,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291691064462,"flow_dst_last_pkt_time":1605291691064427,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3234,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291691062791,"flow_dst_last_pkt_time":1605291691062731,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3235,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291688340797,"flow_dst_last_pkt_time":1605291688340782,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":534,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":2175,"flow_dst_tot_l4_payload_len":4448,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":404,"flow_dst_packets_processed":443,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291698703492,"flow_dst_last_pkt_time":1605291698703481,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":6245,"flow_src_tot_l4_payload_len":148669,"flow_dst_tot_l4_payload_len":333351,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":71,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291691196841,"flow_dst_last_pkt_time":1605291691232930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":1372,"flow_dst_tot_l4_payload_len":67858,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684654534,"flow_dst_last_pkt_time":1605291684654507,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3917,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291689005940,"flow_dst_last_pkt_time":1605291689005898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686148850,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3664,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":595,"flow_dst_packets_processed":847,"flow_first_seen":1605291686035769,"flow_src_last_pkt_time":1605291696381164,"flow_dst_last_pkt_time":1605291696381155,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":11528,"flow_src_tot_l4_payload_len":9577,"flow_dst_tot_l4_payload_len":1912782,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686148842,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3664,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686148854,"flow_dst_last_pkt_time":1605291686148837,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3664,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686149793,"flow_dst_last_pkt_time":1605291686149788,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3664,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686156766,"flow_dst_last_pkt_time":1605291686156758,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3664,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686196906,"flow_dst_last_pkt_time":1605291686196891,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3963,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686196376,"flow_dst_last_pkt_time":1605291686196374,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3963,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":76,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291697854613,"flow_dst_last_pkt_time":1605291697854587,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":10480,"flow_src_tot_l4_payload_len":2437,"flow_dst_tot_l4_payload_len":96578,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686196363,"flow_dst_last_pkt_time":1605291686196301,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3674,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1182,"flow_dst_packets_processed":4298,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291695840067,"flow_dst_last_pkt_time":1605291695839757,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":9432,"flow_src_tot_l4_payload_len":6265,"flow_dst_tot_l4_payload_len":5717274,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686203978,"flow_dst_last_pkt_time":1605291686203957,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3937,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686203774,"flow_dst_last_pkt_time":1605291686203769,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3648,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686203778,"flow_dst_last_pkt_time":1605291686203769,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3648,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686232927,"flow_dst_last_pkt_time":1605291686232866,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3963,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686248308,"flow_dst_last_pkt_time":1605291686283135,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1145,"flow_dst_tot_l4_payload_len":8775,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690530149,"flow_dst_last_pkt_time":1605291690571265,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":56,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291696305230,"flow_dst_last_pkt_time":1605291696305202,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1755,"flow_dst_tot_l4_payload_len":39171,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":22,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689979594,"flow_dst_last_pkt_time":1605291689979542,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1710,"flow_dst_tot_l4_payload_len":6627,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688470730,"flow_dst_last_pkt_time":1605291688502649,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":951,"flow_dst_tot_l4_payload_len":6261,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":62,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291688354639,"flow_dst_last_pkt_time":1605291688354627,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":579,"flow_dst_max_l4_payload_len":5552,"flow_src_tot_l4_payload_len":1679,"flow_dst_tot_l4_payload_len":92457,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":22,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291692129663,"flow_dst_last_pkt_time":1605291692129653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":768,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":3044,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690626396,"flow_dst_last_pkt_time":1605291690626372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":676,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1989,"flow_dst_tot_l4_payload_len":7324,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688858846,"flow_dst_last_pkt_time":1605291688835279,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1624,"flow_dst_tot_l4_payload_len":5971,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":36,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687821101,"flow_dst_last_pkt_time":1605291687853616,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":35001,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":37,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291698436193,"flow_dst_last_pkt_time":1605291698440198,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1474,"flow_dst_tot_l4_payload_len":17331,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":80,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291690953734,"flow_dst_last_pkt_time":1605291690985375,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1047,"flow_dst_max_l4_payload_len":5552,"flow_src_tot_l4_payload_len":2823,"flow_dst_tot_l4_payload_len":118668,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":22,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688544035,"flow_dst_last_pkt_time":1605291688572828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1441,"flow_dst_tot_l4_payload_len":4595,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291697249997,"flow_dst_last_pkt_time":1605291697249971,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":577,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1220,"flow_dst_tot_l4_payload_len":6397,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688453280,"flow_dst_last_pkt_time":1605291688453229,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3457,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":114,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291698454977,"flow_dst_last_pkt_time":1605291698470943,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":1346,"flow_dst_tot_l4_payload_len":122429,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":28,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291698565327,"flow_dst_last_pkt_time":1605291698602574,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":824,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":2920,"flow_dst_tot_l4_payload_len":5412,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684592898,"flow_dst_last_pkt_time":1605291684592779,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3497,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687902854,"flow_dst_last_pkt_time":1605291687902833,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1053,"flow_dst_tot_l4_payload_len":3947,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291688585627,"flow_dst_last_pkt_time":1605291688585505,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1673,"flow_dst_tot_l4_payload_len":13072,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291691088193,"flow_dst_last_pkt_time":1605291691119107,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1026,"flow_dst_tot_l4_payload_len":5335,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":41,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291690314896,"flow_dst_last_pkt_time":1605291690314835,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2776,"flow_src_tot_l4_payload_len":1370,"flow_dst_tot_l4_payload_len":39870,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688883590,"flow_dst_last_pkt_time":1605291688927912,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1007,"flow_dst_tot_l4_payload_len":3998,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":253,"flow_dst_packets_processed":383,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291698756135,"flow_dst_last_pkt_time":1605291698785302,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":7248,"flow_src_tot_l4_payload_len":5966,"flow_dst_tot_l4_payload_len":742587,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291688158853,"flow_dst_last_pkt_time":1605291688326694,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":5643,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":67,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291691154393,"flow_dst_last_pkt_time":1605291691154374,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":10872,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":109795,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291691043840,"flow_dst_last_pkt_time":1605291691043780,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7975,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291691043854,"flow_dst_last_pkt_time":1605291691043782,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7974,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291691043975,"flow_dst_last_pkt_time":1605291691043952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7975,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291691044050,"flow_dst_last_pkt_time":1605291691043957,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7976,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":63,"flow_dst_packets_processed":101,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291698488081,"flow_dst_last_pkt_time":1605291698522640,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1168,"flow_dst_max_l4_payload_len":2333,"flow_src_tot_l4_payload_len":3956,"flow_dst_tot_l4_payload_len":41414,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690495529,"flow_dst_last_pkt_time":1605291690520905,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":4664,"midstream":0,"thread_ts_usec":1605291698785302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","packets-captured":11682,"packets-processed":11682,"total-skipped-flows":0,"total-l4-payload-len":10573423,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":94,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":603,"global_ts_usec":1605291698785302}
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686108927,"flow_dst_last_pkt_time":1605291686110087,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686110087,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01568{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686108927,"flow_dst_last_pkt_time":1605291686110088,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686110088,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}}
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686109012,"flow_dst_last_pkt_time":1605291686127575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686127575,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686109028,"flow_dst_last_pkt_time":1605291686128443,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686128443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01568{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":499,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686127595,"flow_dst_last_pkt_time":1605291686128443,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686128443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}}
+01568{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":505,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686128460,"flow_dst_last_pkt_time":1605291686128567,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686128567,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}}
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":507,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686108978,"flow_dst_last_pkt_time":1605291686128567,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686128567,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01568{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686128585,"flow_dst_last_pkt_time":1605291686129580,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686129580,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686084954,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686129581,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzEPbiYGyoBJXgE4hAAACBAV4AQMDAwQCCArC1zjcqXTmGA=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686084924,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686129581,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0mUbYB0oBJXgO0tAAACBAV4AQMDAwQCCArC1zjbqXTmGA=="}
+01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":518,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686109044,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686129581,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686129607,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686129607,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBAB+9IFAAABAQgKqXTmRcLXONw="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686129611,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686129611,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBAB+3ESAAABAQgKqXTmRcLXONs="}
+01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686129954,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBgB+3f+AAABAQgKqXTmRcLXONwWAwECAAEAAfwDA9erSYCt3PYYZEktL7MJcpGlYIX2xYNgs1\/AtKvB7xt0IOR+LE0dhUbDAJPbNSHJ7ZIObTOEyDbEgQFzR3Tqo8K3ACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGgAYAAAVZW1vamkucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACA5IMr2gd92bNdZoVSKNUS0n14cDWaYPOFRO\/ISsXyZWAAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAI6OgABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686129954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686130302,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBgB+\/3uAAABAQgKqXTmRsLXONsWAwECAAEAAfwDA4GdOggSfHPw+AY29Rg\/SPpX1EvYgag3sKMDz0p3DP7TIO0fmepycQbGXW2mLDxW3tcA\/yME9vaj7LwCLtdTp4PsACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAGgAYAAAVZW1vamkucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAIGhoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkaGgABAAAdACDCTo9dia+yCi8f0GaLNc2V6H3a5\/JGRsJBcmD\/97c\/aQAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAK6ugABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686129581,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686130302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686137679,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686137679,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdABmbR4Z8rX95gBALME5BAAABAQgKwtc44ql05ic="}
+01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":532,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686137695,"flow_dst_last_pkt_time":1605291686137882,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686137882,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.redditstatic.com","tls": {"version":"TLSv1.2","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686099570,"flow_dst_last_pkt_time":1605291686137883,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686137883,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJL0E0Gjp0kgBALMNU7AAABAQgKwtc44ql05ic="}
+01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686099570,"flow_dst_last_pkt_time":1605291686137884,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686137884,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":551,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686137929,"flow_dst_last_pkt_time":1605291686138254,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686138254,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
+01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":568,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686138281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686138281,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":570,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686099717,"flow_dst_last_pkt_time":1605291686138281,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686138281,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686099811,"flow_dst_last_pkt_time":1605291686138302,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686138302,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/oyw49TvcdbcgBALMHS1AAABAQgKwtc45Kl05ic="}
+01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686099811,"flow_dst_last_pkt_time":1605291686141552,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686100889,"flow_dst_last_pkt_time":1605291686141552,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686141552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsk6YAYOGSgBALMNB1AAABAQgKwtc466l05ig="}
+01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":683,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686100889,"flow_dst_last_pkt_time":1605291686141731,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141731,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":685,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686141570,"flow_dst_last_pkt_time":1605291686141731,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686141731,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686100785,"flow_dst_last_pkt_time":1605291686141909,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686141909,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO8IiJd61ngBALMJwEAAABAQgKwtc46al05ig="}
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686100785,"flow_dst_last_pkt_time":1605291686141910,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686141910,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01550{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":697,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686141956,"flow_dst_last_pkt_time":1605291686142640,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686142640,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686100989,"flow_dst_last_pkt_time":1605291686144251,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686144251,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwRcYBxWgngBALMJfQAAABAQgKwtc476l05ig="}
+01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":710,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686143310,"flow_dst_last_pkt_time":1605291686144252,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686144252,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686101082,"flow_dst_last_pkt_time":1605291686144252,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686144252,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgy8cZci+BgBALMBnUAAABAQgKwtc48Kl05ik="}
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":714,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686100989,"flow_dst_last_pkt_time":1605291686144351,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686144351,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01550{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":719,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686144359,"flow_dst_last_pkt_time":1605291686145060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686145060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686103163,"flow_dst_last_pkt_time":1605291686145061,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686145061,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vo\/ls46ULgBALMObsAAABAQgKwtc48al05is="}
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":733,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686146132,"flow_dst_last_pkt_time":1605291686146916,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686146916,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01550{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":735,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686146132,"flow_dst_last_pkt_time":1605291686146919,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686146919,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}}
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":747,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686146162,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686148836,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01550{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":750,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686146162,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686148836,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"preview.redd.it","tls": {"version":"TLSv1.2","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686180561,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686180561,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzETbiYO3gBALMMaaAAABAQgKwtc5Dal05kU="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686180589,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686180589,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0qUbYJ5gBALMGWmAAABAQgKwtc5DKl05kY="}
+01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":766,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686182404,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686182404,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01580{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":768,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686129954,"flow_dst_last_pkt_time":1605291686182405,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686182405,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
+01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":770,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686130302,"flow_dst_last_pkt_time":1605291686182406,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686182406,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01580{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":777,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686182436,"flow_dst_last_pkt_time":1605291686183890,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686183890,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
+01966{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":824,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686199280,"flow_dst_last_pkt_time":1605291686201936,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1550,"flow_dst_tot_l4_payload_len":9238,"midstream":0,"thread_ts_usec":1605291686201936,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9029.4,"max":48292,"stddev":15572.2,"var":242494768.0,"ent":3.2,"data": [38700,38720,198,38531,1,38345,41,14,329,0,334,4,2216,2804,187,210,6465,48292,2910,39329,6844,2704,1,9551,251,801,2129,0,0,1,0]},"pktlen": {"min":72,"avg":409.6,"max":1120,"stddev":435.5,"var":189657.0,"ent":4.2,"data": [80,80,72,589,72,1120,72,1120,72,1120,602,72,72,165,171,436,468,115,72,330,72,72,72,138,72,110,72,1120,1120,1120,1120,1120]},"bins": {"c_to_s": [8,2,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1,1,1,1,1],"entropies": [4.734510422,5.203058243,5.273682594,4.560284615,5.139187336,6.919415474,5.273682594,7.320698738,5.273682594,7.355862617,7.598192215,5.301460266,5.301460266,6.043826580,6.386544228,7.400215149,7.219000340,5.771939278,5.139187336,7.067717552,5.190349579,5.055854321,5.055854321,6.171116352,5.245904922,5.665874481,5.111409664,7.825948715,7.822474480,7.825513840,7.821124554,7.834854126]}}
+01584{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291686199280,"flow_dst_last_pkt_time":1605291686201936,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1550,"flow_dst_tot_l4_payload_len":9238,"midstream":0,"thread_ts_usec":1605291686201936,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"styles.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
+01952{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":955,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686233012,"flow_dst_last_pkt_time":1605291686233017,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1107,"flow_dst_tot_l4_payload_len":8188,"midstream":0,"thread_ts_usec":1605291686233017,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9552.3,"max":52464,"stddev":18854.0,"var":355471904.0,"ent":2.8,"data": [44627,44653,347,50980,1843,1,0,0,52464,10,3,2,2413,668,102,121,49031,1,45760,75,169,1186,0,1,1,1443,16,7,133,49,15]},"pktlen": {"min":72,"avg":363.0,"max":1120,"stddev":422.8,"var":178733.3,"ent":4.1,"data": [80,80,72,589,72,1120,1120,1120,602,72,72,72,72,165,171,389,153,72,330,72,72,72,138,72,1120,1118,72,72,72,1120,72,1120]},"bins": {"c_to_s": [11,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,1,0,1],"entropies": [4.907011986,5.354953289,5.301460266,4.552157402,5.139187336,6.938700199,7.322981834,7.354511738,7.534717083,5.245904922,5.218127251,5.245904922,5.273682594,6.089848042,6.412801743,7.335155964,6.124976635,5.139187336,7.085140228,5.273682594,5.111409664,5.028076649,6.191080093,5.111409664,7.845114708,7.817538738,5.273682594,5.245904922,5.263197899,7.819205284,5.245904922,7.795106411]}}
+01583{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686233012,"flow_dst_last_pkt_time":1605291686233017,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1107,"flow_dst_tot_l4_payload_len":8188,"midstream":0,"thread_ts_usec":1605291686233017,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"emoji.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":993,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686301196,"flow_dst_last_pkt_time":1605291686301196,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686301196,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686301196,"flow_dst_last_pkt_time":1605291686301196,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686301196,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML0AAAAAoAL9IDDZAAACBAWgBAIICql05vEAAAAAAQMDBw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686301196,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686327034,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWUkNzC+oBJXgILuAAACBAV4AQMDAwQCCArC1zmoqXTm8Q=="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1605291686327076,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686327076,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBAB+wbmAAABAQgKqXTnC8LXOag="}
+01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291686327471,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBgB+6IBAAABAQgKqXTnC8LXOagWAwECAAEAAfwDA3fQE2bFMSg9V0ArEx1DsWJIv73oxXvB9GJfjd2ybJfQIFrXxaRDJ9lBszDg6UwzwOQonUBDW8zTTtfnwcTvyt2MACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAHQAbAAAYYi50aHVtYnMucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACBQ4ydRyS\/5f7HpSvaHkgvC0msLXL39ObHQFVtCoyAcOQAtAAIBAQArAAsKenoDBAMDAwIDAQAbAAMCAAKamgABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":996,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686327034,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686327471,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686393401,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291686393401,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWYkNzLDgBALMPtvAAABAQgKwtc55Kl05ws="}
+01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686327471,"flow_dst_last_pkt_time":1605291686419456,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291686419456,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01605{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1001,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686419467,"flow_dst_last_pkt_time":1605291686420291,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291686420291,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}}}
+01948{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1024,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686469619,"flow_dst_last_pkt_time":1605291686468646,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":8227,"midstream":0,"thread_ts_usec":1605291686469619,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":10834.6,"max":91996,"stddev":22155.6,"var":490868928.0,"ent":2.8,"data": [25838,25880,395,66367,26055,91996,835,0,0,829,7,4,1579,121,254,42141,1,1,6209,0,2,0,0,1,46395,10,6,2,1,4,940]},"pktlen": {"min":72,"avg":363.3,"max":1120,"stddev":424.0,"var":179781.3,"ent":4.1,"data": [80,80,72,589,72,1120,72,1120,1120,623,72,72,72,165,171,403,72,72,72,346,138,1120,1120,1120,1120,72,72,72,72,72,72,110]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0],"entropies": [4.907011986,5.304953098,5.301460266,4.568593025,5.139187336,6.968538761,5.258596897,7.334045410,7.344312668,7.577483654,5.301460266,5.329237938,5.301460266,6.086132526,6.472829342,7.337939262,5.128702641,5.166965008,5.166965008,7.241396427,6.241778851,7.834823132,7.795830250,7.800470352,7.816886902,5.273682594,5.301460266,5.273682594,5.329237938,5.301460266,5.329237938,5.684057236]}}
+01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1024,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291686469619,"flow_dst_last_pkt_time":1605291686468646,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":8227,"midstream":0,"thread_ts_usec":1605291686469619,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"b.thumbs.redditmedia.com","tls": {"version":"TLSv1.2","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291686985114,"flow_dst_last_pkt_time":1605291686985114,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686985114,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686985114,"flow_dst_last_pkt_time":1605291686985114,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686985114,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD88AAAAAoAL9IJsfAAACBAWgBAIIClRf4AwAAAAAAQMDBw=="}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291686985710,"flow_dst_last_pkt_time":1605291686985710,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686985710,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686985710,"flow_dst_last_pkt_time":1605291686985710,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686985710,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hEAAAAAoAL9ICE+AAACBAWgBAIICkv6YkkAAAAAAQMDBw=="}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291686996891,"flow_dst_last_pkt_time":1605291686996891,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686996891,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686996891,"flow_dst_last_pkt_time":1605291686996891,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686996891,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjEAAAAAoAL9ILJdAAACBAWgBAIICnOjJUYAAAAAAQMDBw=="}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686985114,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687016591,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q63bg\/QoBJXgIMUAAACBAV4AQMDAwQCCArC1zxZVF\/gDA=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687016621,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687016621,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBAB+wcHAAABAQgKVF\/gK8LXPFk="}
+01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687016854,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBgB+0cnAAABAQgKVF\/gK8LXPFkWAwECAAEAAfwDA2TZVj7uQEkCD0qaduyi4bmVPP7zAKvO9+7Wlc8AMGeTIIS\/CXAHw3XUf20VSt6oh4Hf\/WTHeXksbYFJmbfF89a\/ACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAHgAcAAAZd3d3Lmdvb2dsZXRhZ3NlcnZpY2VzLmNvbQAXAAD\/AQABAAAKAAoACDo6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApOjoAAQAAHQAgYKiZy5yb0i6Knp9i3yjCivd+Ief6i7v0\/AghN6n2uzkALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgAC2toAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687016854,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686996891,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687024247,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VJtBZoyoBJXgFGuAAACBAV4AQMDAwQCCArC1zxhc6MlRg=="}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686985710,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687024248,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4R5AeISoBJXgAGtAAACBAV4AQMDAwQCCArC1zxhS\/piSQ=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687024307,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687024307,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBAB+9WjAAABAQgKc6MlYsLXPGE="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687024329,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687024329,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBAB+4WXAAABAQgKS\/picMLXPGE="}
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687024606,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBgB+\/A6AAABAQgKc6MlYsLXPGEWAwECAAEAAfwDA+eYPrfbBZwgBAyXsXNv1wHXo8qtfbtTLhb8K0WcNKMYICPAGuufUOrjlYhZGNPMkbG+4utdfOiWk6+0nf\/wCDAKACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAEQAPAAAMYy5hYXhhZHMuY29tABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACDX5C\/1o+HW81YAOCcijSyF5B3qZmeI0oMefLtlAIvWHQAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAIaGgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1038,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687024606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"c.aaxads.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687024727,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBgB+4vHAAABAQgKS\/picMLXPGEWAwECAAEAAfwDA5a9I0DX\/RoLLAwCTlolT1w7O+Tvbm6bAwmHB\/Gzvv4KIKCfkVZBs7YxSZgdkLoG0zKZeHzoKc6I+SIaE11zlfvtACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAGgAYAAAVYy5hbWF6b24tYWRzeXN0ZW0uY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACC3JhULSj7xGhtoU9gOb9OIs2MhB9H2Fq8bhGiDmIiZGgAtAAIBAQArAAsKmpoDBAMDAwIDAQAbAAMCAAIqKgABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1039,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687024727,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687053426,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687053426,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q+3bhHVgBALMPumAAABAQgKwtc8f1Rf4Cs="}
+01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1041,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687060476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687060476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687061560,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687061560,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VNtBZw3gBALMMpCAAABAQgKwtc8iHOjJWI="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687061560,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687061560,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4V5AeQXgBALMHo2AAABAQgKwtc8iEv6YnA="}
+01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1052,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687075726,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687075726,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1065,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687096859,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687096859,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"c.aaxads.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02172{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1097,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687110047,"flow_dst_last_pkt_time":1605291687110135,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":10234,"midstream":0,"thread_ts_usec":1605291687110135,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8063.0,"max":43636,"stddev":14163.2,"var":200595904.0,"ent":3.1,"data": [31477,31507,233,36835,7050,0,43636,16,599,576,2431,165,135,37718,689,1069,36764,111,89,22,531,8580,9121,90,75,174,0,158,5,98,0]},"pktlen": {"min":72,"avg":422.5,"max":1280,"stddev":490.0,"var":240053.7,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,533,72,136,164,333,72,72,652,72,103,72,103,72,778,72,1280,72,1280,1280,72,72,1280,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.794175148,5.301737785,5.137723446,4.609352589,5.163392067,7.822265148,7.828993320,5.193279266,5.193279266,7.574356556,5.165501595,6.187675953,6.451539040,7.193062782,5.135614395,5.135614395,7.646523952,5.182794571,5.842692375,5.165501595,5.903290272,5.163392067,7.712309837,5.193279266,7.843823910,5.165501595,7.846527100,7.838549614,5.193279266,5.165501118,7.822370052,7.826137066]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01949{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1119,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687112023,"flow_dst_last_pkt_time":1605291687112006,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":11490,"midstream":0,"thread_ts_usec":1605291687112023,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8148.7,"max":51019,"stddev":15066.4,"var":226995168.0,"ent":3.0,"data": [38538,38619,398,37312,14166,1,0,0,1,51019,20,3,2,2,2408,107,140,31274,2,1645,1,30239,111,3355,1,0,0,3233,8,2,2]},"pktlen": {"min":72,"avg":461.6,"max":1460,"stddev":586.5,"var":343946.1,"ent":4.0,"data": [80,80,72,589,72,1460,1460,1460,1460,387,72,72,72,72,72,136,164,330,72,72,72,143,72,103,1460,1460,1460,1460,72,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,1,1,0,0,0,0],"entropies": [4.836891651,5.211080551,5.205674171,4.514605999,5.057240963,7.814661026,7.847680092,7.865528107,7.842185020,7.380033970,5.243936539,5.243936539,5.155763149,5.188381195,5.132825851,6.139283180,6.518441677,7.254546165,5.029463291,5.029463291,5.057240963,6.252353668,5.243936539,5.873327255,7.877524853,7.827719688,7.871821880,7.839930534,5.243936539,5.243936539,5.271714211,5.271714211]}}
+01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1119,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687112023,"flow_dst_last_pkt_time":1605291687112006,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":11490,"midstream":0,"thread_ts_usec":1605291687112023,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1173,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687186026,"flow_dst_last_pkt_time":1605291687186023,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":998,"flow_dst_tot_l4_payload_len":10536,"midstream":0,"thread_ts_usec":1605291687186026,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":12202.2,"max":72269,"stddev":18508.9,"var":342577632.0,"ent":3.4,"data": [27356,27416,299,37313,35299,1,0,72269,38,3,2523,128,130,31242,0,2117,15088,1,0,45626,28,24,154,29754,10263,39831,697,0,0,1,666]},"pktlen": {"min":72,"avg":432.9,"max":1460,"stddev":553.5,"var":306346.9,"ent":4.0,"data": [80,80,72,589,72,1460,1460,310,72,72,72,152,164,350,72,72,72,343,343,142,72,72,72,103,72,1460,72,1445,1460,1445,1460,72]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,5,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,1,1,1,0],"entropies": [4.857011795,5.304952145,5.190349579,4.366506100,5.111409664,7.825345039,7.835193157,7.203350067,5.273682594,5.245904922,5.245904922,6.284915447,6.470990181,7.367970467,5.111409664,5.139187336,5.055853844,7.210521698,7.280154705,6.282705784,5.207642555,5.273682594,5.245904922,5.913538456,5.139187336,7.867059231,5.245904922,7.855923176,7.844721794,7.856983662,7.858796120,5.273682594]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1270,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687485783,"flow_dst_last_pkt_time":1605291687485783,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687485783,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687485783,"flow_dst_last_pkt_time":1605291687485783,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687485783,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ4AAAAAoAL9IP2VAAACBAWgBAIICruOxrcAAAAAAQMDBw=="}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687485783,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687512994,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRnoyfz12foBJXgAjWAAACBAV4AQMDAwQCCArC1z5Fu47Gtw=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687513017,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687513017,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBAB+4zMAAABAQgKu47G0sLXPkU="}
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687513279,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBgB+yruAAABAQgKu47G08LXPkUWAwECAAEAAfwDA8gKXcgEK+eLAD0eAVBdxP494QtA9Q6J19dpsrnIF6s\/IJFjz4OkKAOopoyn1vDuvI+kyb3ehZCReTI9qtpTfphWACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAIwAhAAAec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0ABcAAP8BAAEAAAoACgAIKioAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACCM+kww4XBsO9uZgHbtPEkxRf\/Li4AsKAzJSNegqbyUJAAtAAIBAQArAAsKGhoDBAMDAwIDAQAbAAMCAAJqagABAAAVAL4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687512994,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687513279,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"securepubads.g.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1275,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687514756,"flow_dst_last_pkt_time":1605291687514756,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687514756,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687514756,"flow_dst_last_pkt_time":1605291687514756,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687514756,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5MAAAAAoAL9IOSoAAACBAWgBAIICiRA7pIAAAAAAQMDBw=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687545133,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRno2fz1+kgBALMIFtAAABAQgKwtc+abuOxtM="}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687514756,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687545133,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx0ItjeUoBJXgPGUAAACBAV4AQMDAwQCCArC1z5pJEDukg=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687545171,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687545171,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBAB+3WHAAABAQgKJEDuscLXPmk="}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687545503,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBgB+1xOAAABAQgKJEDuscLXPmkWAwECAAEAAfwDA6sAiYRVVUdNeU6qgV+6RMsMCIZAzjq+68NrjIRzdTDzIH6Nje53IGXhSc03yuiyvZsWos5mhh1w53jt4PUlCtOeACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGQAXAAAUcGxhdGZvcm0udHdpdHRlci5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIAjq9VoWgWPxpcjAD3ywxiF\/9WPMGppuo1idcmIeMRgoAC0AAgEBACsACwq6ugMEAwMDAgMBABsAAwIAAgoKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687545133,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687545503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1285,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687513279,"flow_dst_last_pkt_time":1605291687552593,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687552593,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"securepubads.g.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687592583,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687592583,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx4ItjmZgBALMGodAAABAQgKwtc+mSRA7rE="}
+01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1305,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687545503,"flow_dst_last_pkt_time":1605291687606576,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291687606576,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01623{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1313,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687606628,"flow_dst_last_pkt_time":1605291687606672,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291687606672,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","tls": {"version":"TLSv1.2","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}}}
+02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1320,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687606682,"flow_dst_last_pkt_time":1605291687608302,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":978,"flow_dst_tot_l4_payload_len":10865,"midstream":0,"thread_ts_usec":1605291687608302,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7852.2,"max":49462,"stddev":14324.2,"var":205184016.0,"ent":3.1,"data": [27211,27234,262,32139,7460,39332,541,0,528,9,1876,115,75,39448,325,0,11758,0,49462,14,229,1909,2,0,1682,24,5,95,52,1631,0]},"pktlen": {"min":72,"avg":442.6,"max":1460,"stddev":558.6,"var":312025.4,"ent":4.0,"data": [80,80,72,589,72,1460,72,1460,174,72,72,136,164,346,72,72,72,652,103,72,72,103,508,1460,1460,72,72,72,1460,72,1460,1460]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,1],"entropies": [4.882011414,5.229951859,5.245904922,4.668323040,5.111409664,7.823575497,5.218127251,7.840838909,6.577263832,5.273682594,5.245904922,6.141845703,6.526543617,7.249311924,5.028076172,5.028076649,5.028076172,7.620381832,5.685565948,5.134794235,5.107016563,5.797031403,7.461103439,7.863368988,7.879219532,5.218127251,5.218127251,5.218127251,7.865433216,5.218127251,7.849226475,7.844064713]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
+01956{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1380,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687641122,"flow_dst_last_pkt_time":1605291687641103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1012,"flow_dst_tot_l4_payload_len":8292,"midstream":0,"thread_ts_usec":1605291687641122,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8152.0,"max":61125,"stddev":15844.6,"var":251049776.0,"ent":2.9,"data": [30377,30415,332,47450,13993,61125,95,1,0,49,10,2,3286,115,139,30628,2061,91,0,29231,1271,1309,181,374,3,2,1,161,6,3,2]},"pktlen": {"min":72,"avg":363.2,"max":1120,"stddev":425.8,"var":181298.7,"ent":4.1,"data": [80,80,72,589,72,1120,72,1120,1120,704,72,72,72,165,171,337,72,72,72,330,72,138,72,110,1120,1120,1120,1120,72,72,72,72]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1,1,1,0,0,0,0],"entropies": [4.882011890,5.254952908,5.245904922,4.537001133,5.045369625,6.921907902,5.119708538,7.178970814,7.321282864,7.568989754,5.190349579,5.162571907,5.096531868,5.980709553,6.354322433,7.210721493,5.083631516,5.139187336,5.111409664,7.047548294,5.218127251,6.254519463,5.162571907,5.573678017,7.803915977,7.831707001,7.839641571,7.817306042,5.245904922,5.245904922,5.245904922,5.245904922]}}
+01626{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1380,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687641122,"flow_dst_last_pkt_time":1605291687641103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1012,"flow_dst_tot_l4_payload_len":8292,"midstream":0,"thread_ts_usec":1605291687641122,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"platform.twitter.com","tls": {"version":"TLSv1.2","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1383,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687642048,"flow_dst_last_pkt_time":1605291687642048,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687642048,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1383,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687642048,"flow_dst_last_pkt_time":1605291687642048,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687642048,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxgAAAAAoAL9IGTNAAACBAWgBAIICsL4XLwAAAAAAQMDBw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687642048,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687676357,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuGDx7sZoBJXgGbFAAACBAV4AQMDAwQCCArC1z7qwvhcvA=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1466,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687676396,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687676396,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBAB++qzAAABAQgKwvhc38LXPuo="}
+01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687678071,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBgB+7zOAAABAQgKwvhc4MLXPuoWAwECAAEAAfwDA2DQ5OxREVO95xl1cBrII9zoe+SeXEyLTL2RY3d38wEfIDXqjNmx1LhM5R6ahoCjZqYoEOLjS9cTu1r8mF5O4+z+ACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMaGgAAAAAAHQAbAAAYd3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACC7Hzx8NSeckRnAno888LeBaZNAd1ZxsSahddbprKYQMwAtAAIBAQArAAsK6uoDBAMDAwIDAQAbAAMCAAIKCgABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1468,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687678071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1474,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687714410,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687714410,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuKDx70egBALMN9QAAABAQgKwtc\/EsL4XOA="}
+01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1476,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687721930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687721930,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1500,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687761761,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687761761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687761761,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687761761,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bcAAAAAoAL9IFSZAAACBAWgBAIIClvEqOkAAAAAAQMDBw=="}
+02169{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1511,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687769797,"flow_dst_last_pkt_time":1605291687770512,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":967,"flow_dst_tot_l4_payload_len":10018,"midstream":0,"thread_ts_usec":1605291687770512,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8264.9,"max":43870,"stddev":14337.0,"var":205550432.0,"ent":3.2,"data": [34309,34348,1675,38053,7520,1,0,43870,15,3,2990,179,332,37258,1,401,1,34144,24,176,2332,6921,9068,836,1,863,34,109,28,721,0]},"pktlen": {"min":72,"avg":415.8,"max":1280,"stddev":486.5,"var":236643.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,550,72,72,72,136,164,335,72,72,652,103,72,72,103,72,545,72,1280,1280,72,72,1280,72,1280,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,1,0,0,1,0,1,1],"entropies": [4.845952988,5.276736736,5.138828754,4.602811337,5.041796684,7.803936958,7.832890034,7.552286625,5.166606426,5.194384098,5.194384098,6.037216187,6.610102654,7.276579857,5.041796684,5.041796684,7.656215668,5.660604000,5.183899403,5.183899403,5.788832664,5.069574356,7.590582848,5.222161770,7.845970631,7.817458153,5.222161770,5.222161770,7.842357159,5.222161770,7.846263409,7.836318970]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687790624,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUg0Stm4oBJXgFBhAAACBAV4AQMDAwQCCArC1z9gW8So6Q=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687790646,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687790646,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBAB+9RVAAABAQgKW8SpBsLXP2A="}
+01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687790793,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBgB+28mAAABAQgKW8SpBsLXP2AWAwECAAEAAfwDA36LmdTGhSoOn80oilyfPNGRp5C4BlBBz5Xd3jcwfMKTIAaF+rCsUiCOU8bqK7O8i4N8LINKpStTbOqmpKKpf9E2ACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAFgAUAAARd3d3LmFheGRldGVjdC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIH6hi26DByeZiCnUzyO1ln0CmgKVhjsp0romzaxtOzIVAC0AAgEBACsACwqKigMEAwMDAgMBABsAAwIAApqaAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1533,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687790793,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.aaxdetect.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291687800179,"flow_dst_last_pkt_time":1605291687800179,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687800179,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687800179,"flow_dst_last_pkt_time":1605291687800179,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687800179,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8MAAAAAoAL9IICJAAACBAWgBAIICk1+jVUAAAAAAQMDBw=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687820314,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687820314,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUk0Stu9gBALMMj9AAABAQgKwtc\/flvEqQY="}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687800179,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687829410,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkT\/jDfEoBJXgChEAAACBAV4AQMDAwQCCArC1z+HTX6NVQ=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687829478,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687829478,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBAB+6w4AAABAQgKTX6NcsLXP4c="}
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687829706,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBgB+6QUAAABAQgKTX6NcsLXP4cWAwECAAEAAfwDAzHyJHiw4CvySm\/wmMZSj93xjRQIb\/7lSao6BEVVselnIDSsTTPKNSgpPqgoZjsi0To1XtuBv2kZEOLdyhUMYBkRACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAHAAaAAAXc3luZGljYXRpb24udHdpdHRlci5jb20AFwAA\/wEAAQAACgAKAAiqqgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKaqqAAEAAB0AINkx20sEA6mpd6uYYzNH4dLwnJuropRMU+claKQ8nqNoAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAkpKAAEAABUAxQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291687829410,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687829706,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1572,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687852902,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687852902,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.aaxdetect.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291687858949,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687858949,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkX\/jDnJgBALMKDhAAABAQgKwtc\/pE1+jXI="}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1589,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687896532,"flow_dst_last_pkt_time":1605291687896532,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687896532,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687896532,"flow_dst_last_pkt_time":1605291687896532,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687896532,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetUAAAAAoAL9ICsYAAACBAWgBAIIClOdBf4AAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1599,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687931808,"flow_dst_last_pkt_time":1605291687931808,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687931808,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687931808,"flow_dst_last_pkt_time":1605291687931808,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687931808,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0vYAAAAAoAL9ILpIAAACBAWgBAIICnCSuGYAAAAAAQMDBw=="}
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687896532,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687932773,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPN32HrWoBJXgPVcAAACBAV4AQMDAwQCCArC1z\/tU50F\/g=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1601,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687932816,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687932816,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBAB+3lKAAABAQgKU50GIsLXP+0="}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1602,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687933001,"pkt":"qtsDr8lk5EKm5WPyht1gD27HAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBgB+23VAAABAQgKU50GIsLXP+0WAwECAAEAAfwDAxJYusyWMNRYvoQ+T4tcugZ+135RcPMs1\/0JBeRbWLApILhMdGMSectfNYNoyEPWiVIYjZ7g96RKtpDC\/RD8oUA2ACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAEQAPAAAMaWQucmxjZG4uY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACC0arZ4rxNjn4Xd+ejLnNmuK7Q67NTZpqnUAPkLrcpuSgAtAAIBAQArAAsKWloDBAMDAwIDAQAbAAMCAALa2gABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1602,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687932773,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687933001,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"id.rlcdn.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1603,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687933355,"flow_dst_last_pkt_time":1605291687933355,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687933355,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687933355,"flow_dst_last_pkt_time":1605291687933355,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687933355,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6EoAAAAAoAL9IFfFAAACBAWgBAIICteKYnsAAAAAAQMDBw=="}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1604,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687934638,"flow_dst_last_pkt_time":1605291687934638,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687934638,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687934638,"flow_dst_last_pkt_time":1605291687934638,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687934638,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJAAAAAAoAL9ICibAAACBAWgBAIIClHJL\/gAAAAAAQMDBw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687931808,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687966627,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoTRRdL3oBJXgGFBAAACBAV4AQMDAwQCCArC10AQcJK4Zg=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687966647,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687966647,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBAB++UvAAABAQgKcJK4icLXQBA="}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1675,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687966872,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBgB+zFNAAABAQgKcJK4icLXQBAWAwECAAEAAfwDA3WeIBLYdziEEn7QNz0OGHsUEusI6KY9\/RKF89EV1ileIBMHWJUBm+OFCD0sy0ylrulb4WElhpq\/dz7TuTzNb3wqACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFAASAAAPd3d3LnlvdXR1YmUuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACBnIwLwO9uU6L4jUM5auBmPbrs7aOwSFobkFewcQ7OAAwAtAAIBAQArAAsKCgoDBAMDAwIDAQAbAAMCAAIqKgABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687966872,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1676,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687933355,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687974700,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5XSRuhLoBJXgDDhAAACBAV4AQMDAwQCCArC10AQ14piew=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1677,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687974700,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPR32HzbgBALMG3oAAABAQgKwtdAFVOdBiI="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687974730,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687974730,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBAB+7TJAAABAQgK14pipMLXQBA="}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687974969,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsAiUGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBgB+zY3AAABAQgK14pipMLXQBAWAwECAAEAAfwDA3sf7LZhCKu3FcQtfQQXpjU\/yJNKxK1Wu7mS7O\/nW0esIK9NcmR4uxEXTx0wl0DqrASosxQJ8d8M7I15cNDqZSjgACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGgAYAAAVc2VjdXJlLnF1YW50c2VydmUuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACBi6uz3bgjuw2Flzm3cT5QZ5PbRQ8kZgg4sjV4aUfzKPgAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAAIqKgABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687974969,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687934638,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687975138,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5ddGO8iRoBJXgMJGAAACBAV4AQMDAwQCCArC10AVUckv+A=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687975186,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687975186,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBAB+0YvAAABAQgKUckwIcLXQBU="}
+01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687975399,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBgB+6HOAAABAQgKUckwIcLXQBUWAwECAAEAAfwDAyyfGNXrQuJaooVOSAZWYwrICVdKySe7AfwbUmNJLrj6IPGtMcg+xk+\/4O6dPXPeOmaj7v3Le548CiQfbZu3tkOqACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAHQAbAAAYc2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACCtpKM+O77uTAjQEIT6uCXqvuLVOHqvZMFLfC1DKm+WSgAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAIaGgABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1691,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291687975138,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687975399,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687976086,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687976086,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"id.rlcdn.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1764,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291688019659,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688019659,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoXRRdT8gBALMNnKAAABAQgKwtdAO3CSuIk="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1768,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688020339,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688020339,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5bSRupQgBALMKljAAABAQgKwtdAPNeKYqQ="}
+01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1781,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291688024605,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688024605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1788,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291688025071,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688025071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5dhGO8qWgBALMDrJAAABAQgKwtdAQVHJMCE="}
+01254{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1789,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291688025072,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688025072,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1818,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688036417,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688036417,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01673{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1821,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688036418,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3364,"midstream":0,"thread_ts_usec":1605291688036418,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","tls": {"version":"TLSv1.2","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}}}
+01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1844,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291687829706,"flow_dst_last_pkt_time":1605291688046248,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688046248,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01746{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1847,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688046258,"flow_dst_last_pkt_time":1605291688046580,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3439,"midstream":0,"thread_ts_usec":1605291688046580,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","tls": {"version":"TLSv1.2","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}}}
+01998{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1955,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291688258109,"flow_dst_last_pkt_time":1605291688258300,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1296,"flow_dst_tot_l4_payload_len":10685,"midstream":0,"thread_ts_usec":1605291688258300,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":20958.0,"max":180245,"stddev":38814.9,"var":1506599424.0,"ent":3.3,"data": [41345,41375,239,45639,16078,1,0,61463,16,3,3880,365,125,94049,180245,10480,2,92307,53,428,5467,8019,1891,14882,15513,1,15533,36,263,0,1]},"pktlen": {"min":72,"avg":446.9,"max":1460,"stddev":554.6,"var":307585.9,"ent":4.0,"data": [80,80,72,589,72,1460,1460,660,72,72,72,198,171,330,330,72,346,141,72,72,110,72,72,110,72,1460,1460,72,72,1460,1460,1460]},"bins": {"c_to_s": [10,1,0,2,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1],"entropies": [5.270193100,5.621731281,5.459350586,4.656135082,5.421088219,6.918155670,7.356199741,7.583865643,5.431572914,5.431572914,5.348239899,6.523558617,6.440567493,7.245548248,7.233427525,5.403794765,7.155272961,6.347721100,5.459350586,5.459350586,5.820535183,5.393310547,5.355048180,6.026633739,5.409216881,7.855928898,7.870290756,5.487128258,5.459350586,7.867146015,7.870689869,7.867941856]}}
+01677{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1955,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291688258109,"flow_dst_last_pkt_time":1605291688258300,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1296,"flow_dst_tot_l4_payload_len":10685,"midstream":0,"thread_ts_usec":1605291688258300,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","tls": {"version":"TLSv1.2","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}}}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1974,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688324076,"flow_dst_last_pkt_time":1605291688324076,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688324076,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1974,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688324076,"flow_dst_last_pkt_time":1605291688324076,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688324076,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjQAAAAAoAL9INe7AAACBAWgBAIICn8mSwwAAAAAAQMDBw=="}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1981,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688336354,"flow_dst_last_pkt_time":1605291688336354,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688336354,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1981,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688336354,"flow_dst_last_pkt_time":1605291688336354,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688336354,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzgAAAAAoAL9IOr4AAACBAWgBAIICn8mSxgAAAAAAQMDBw=="}
+00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1990,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688344280,"flow_dst_last_pkt_time":1605291688344280,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688344280,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1990,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688344280,"flow_dst_last_pkt_time":1605291688344280,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688344280,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACgGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmAAAAAAoAL9ICpwAAACBAWgBAIICgi3lpgAAAAAAQMDBw=="}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1997,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688324076,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688365155,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k25KV6Y1oBJXgLbhAAACBAV4AQMDAwQCCArC10GYfyZLDA=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688365176,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688365176,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBAB+zrKAAABAQgKfyZLNcLXQZg="}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688365341,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBgB+7buAAABAQgKfyZLNcLXQZgWAwECAAEAAfwDA4SpSUX6niItAQ8Maifw8WwrZv9VwJth3ahSGxyzgKqiIJ+TN+GJohJ\/sCFH1vMdRLlZ2ieR3T3a5tv50MEc6iCkACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAFwAVAAASYWQuZG91YmxlY2xpY2submV0ABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACD\/3R8L0Iz+Y65v46jR4P68ZYP7Yr6kSULFXg4YFIANVgAtAAIBAQArAAsKenoDBAMDAwIDAQAbAAMCAAK6ugABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688365155,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688365341,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688336354,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688370931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxA2CKc5oBJXgKoEAAACBAV4AQMDAwQCCArC10GjfyZLGA=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688370943,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688370943,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBAB+y30AAABAQgKfyZLOsLXQaM="}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688371089,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBgB+970AAABAQgKfyZLO8LXQaMWAwECAAEAAfwDAwgp1anJVpvxZgRnK\/Ii+gtEvGbJCYcqFRsrqueQf6vRIJCDNh4n+qlo6kd0ODvy\/AwDjBO0nZ+gYy2KZgyiYgg0ACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOamgAAAAAAFwAVAAASYWQuZG91YmxlY2xpY2submV0ABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACCaFYCIYTRmnTxfH8RhAM0mES96Hrj9vGr3nYL6Ox9VMwAtAAIBAQArAAsKGhoDBAMDAwIDAQAbAAMCAAKqqgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688370931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688371089,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2006,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688344280,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688371819,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9OJtD5hoBJXgGMHAAACBAV4AQMDAwQCCArC10GlCLeWmA=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2007,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688371834,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688371834,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBAB++b9AAABAQgKCLeWs8LXQaU="}
+01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2008,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688372055,"pkt":"qtsDr8lk5EKm5WPyht1gATUNAiUGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBgB+yzJAAABAQgKCLeWs8LXQaUWAwECAAEAAfwDA9hatQx\/QktbULCFc2FQNgXPGrp+qPvBQrE5NDlBZlE\/IMd+e8Lduh2\/OW58Rm5lIQBoGyh8j\/3MT9YMf0bL3Me3ACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUcnVsZXMucXVhbnRjb3VudC5jb20AFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKUpKAAEAAB0AIOhk20ZK7Hqhb4\/e3Kx4aK6U4Kcjb5InvqFomt\/cTww3AC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAtraAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2008,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688372055,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2009,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688397011,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688397011,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k29KV6g6gBALMC9uAAABAQgKwtdBun8mSzU="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2010,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688408044,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688408044,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxE2CKk+gBALMCKeAAABAQgKwtdBvn8mSzs="}
+01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2011,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688408044,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408044,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2015,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688408514,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408514,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688408515,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688408515,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9SJtEBmgBALMNufAAABAQgKwtdByQi3lrM="}
+01256{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2025,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688411963,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688411963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02177{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2077,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688488430,"flow_dst_last_pkt_time":1605291688495517,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1402,"flow_dst_tot_l4_payload_len":4278,"midstream":0,"thread_ts_usec":1605291688495517,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10832.1,"max":42730,"stddev":14959.8,"var":223794400.0,"ent":3.6,"data": [41079,41100,165,31856,11033,42730,469,1,470,25,2812,1299,93,34223,10205,1,40205,536,1458,1,938,16571,1,3,16547,20,17,4417,310,12670,24540]},"pktlen": {"min":72,"avg":250.0,"max":1460,"stddev":362.6,"var":131502.0,"ent":4.0,"data": [80,80,72,589,72,1460,72,1460,172,72,72,136,164,486,72,652,72,72,103,72,103,72,793,103,111,72,72,72,111,107,282,72]},"bins": {"c_to_s": [11,2,2,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1],"entropies": [4.857011318,5.329952717,5.273682594,4.540163040,5.139187336,7.843326092,5.273682594,7.862450600,6.539532185,5.273682594,5.273682594,6.134756088,6.541216850,7.446951866,5.166965008,7.636521339,5.100924969,5.273682594,5.932955742,5.111409664,5.777672768,5.263197899,7.737014294,5.703792095,5.962306976,5.301460266,5.329237938,5.329237938,6.057867527,5.878192425,7.107053280,5.166965008]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
+01992{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2091,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688483940,"flow_dst_last_pkt_time":1605291688560007,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":4488,"midstream":0,"thread_ts_usec":1605291688560007,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":46567.4,"max":216552,"stddev":67587.7,"var":4568099328.0,"ent":3.6,"data": [29231,29299,228,29539,187299,216552,332,0,326,7,1815,188,30,70254,211900,6516,1,182884,58339,20162,41757,64,46,873,11694,10868,9898,6233,112514,128634,76106]},"pktlen": {"min":72,"avg":258.4,"max":1460,"stddev":353.4,"var":124913.6,"ent":4.1,"data": [80,80,72,589,72,1460,72,1460,735,72,72,198,171,362,362,72,72,72,172,72,314,72,116,72,110,110,72,72,72,531,72,338]},"bins": {"c_to_s": [9,1,0,3,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1],"entropies": [4.822575092,5.245516300,5.245904922,4.574756145,5.111409664,6.787540913,5.218127251,7.353115559,7.586227894,5.162571907,5.190349579,6.362659931,6.273279667,7.149994850,7.138213634,5.083631992,5.055854321,5.055854321,6.419822216,5.083631992,6.981730461,5.245904922,5.900056362,5.218127251,5.636374950,5.857635021,5.190349579,5.083631992,5.083631992,7.496485710,5.175263882,7.287763596]}}
+01749{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2091,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688483940,"flow_dst_last_pkt_time":1605291688560007,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":4488,"midstream":0,"thread_ts_usec":1605291688560007,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","tls": {"version":"TLSv1.2","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}}}
+00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2115,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688611238,"flow_dst_last_pkt_time":1605291688611238,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688611238,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2115,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688611238,"flow_dst_last_pkt_time":1605291688611238,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688611238,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z44AAAAAoAL9IIe6AAACBAWgBAIICvY2BR4AAAAAAQMDBw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2116,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688611238,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688654248,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cTxd2ePoBJXgMFkAAACBAV4AQMDAwQCCArC10K+9jYFHg=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2117,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688654303,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688654303,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBAB+0VLAAABAQgK9jYFScLXQr4="}
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2118,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688654612,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/AiUGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBgB+9l4AAABAQgK9jYFScLXQr4WAwECAAEAAfwDA46RLPCXby2v1fhhEaIIot6g8XiGmSWLgLgejrMgyw66ICkvsU+x9q1tILELIWe9u4V18z4rsB3VSuGPlE2gOpFxACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAHgAcAAAZY2RuLnN5bmRpY2F0aW9uLnR3aW1nLmNvbQAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp2toAAQAAHQAgkrvLnn5W3A5xznxU8nIj0ij8otKT8iVeuL\/XwL97plwALQACAQEAKwALClpaAwQDAwMCAwEAGwADAgAC2toAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2118,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688654612,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2119,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688695528,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688695528,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cXxd2mUgBALMDnoAAABAQgKwtdC5\/Y2BUk="}
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2120,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688705717,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605291688705717,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2124,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688712501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688712501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2124,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688712501,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688712501,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQQAAAAAoAL9IGnKAAACBAWgBAIICoWLJ5EAAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2134,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688749044,"flow_dst_last_pkt_time":1605291688749044,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688749044,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2134,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688749044,"flow_dst_last_pkt_time":1605291688749044,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688749044,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7IAAAAAoAL9ICgwAAACBAWgBAIICm3\/yPIAAAAAAQMDBw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688754068,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqhUIR0FoBJXgNU8AAACBAV4AQMDAwQCCArC10MXhYsnkQ=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2139,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688754101,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688754101,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBAB+1kkAAABAQgKhYsnu8LXQxc="}
+01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2140,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688754330,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBgB+7qNAAABAQgKhYsnu8LXQxcWAwECAAEAAfwDAyXaTUGeswmyVM8\/Dl2Qf5fitrGFmVKyru8OELloUAwbIMUqQj\/L7tNTcV3UD9UpA2mjeLajzAaCv8lzw2\/F86fvACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGwAZAAAWc3RhdGljLmRvdWJsZWNsaWNrLm5ldAAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgkJbXOIyvxcmniIJLU3Qom4gz6w8\/FjW9fJVELvdvcGIALQACAQEAKwALCvr6AwQDAwMCAwEAGwADAgACWloAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2140,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688754330,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2147,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688749044,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688786435,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXPjQDuzoBJXgOVIAAACBAV4AQMDAwQCCArC10M\/bf\/I8g=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2148,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688786460,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688786460,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBAB+2k0AAABAQgKbf\/JGMLXQz8="}
+01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2149,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688786633,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBgB+9LpAAABAQgKbf\/JGMLXQz8WAwECAAEAAfwDAxslW\/nV6n4TSU+WU427vUmpkTBTAfJMCiXCjsW6jsM1IDI9pBtUEgNPXXn3m6DfkXTykQkxvHtW6AlECtSxtZwqACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AIOcwVI1IhWdfqyJF52U0JaQN9BKpJPL3krZ3EsrflGwKAC0AAgEBACsACwq6ugMEAwMDAgMBABsAAwIAAvr6AAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2149,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688786633,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688794873,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688794873,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqlUIR8KgBALME23AAABAQgKwtdDSoWLJ7s="}
+02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2162,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688786771,"flow_dst_last_pkt_time":1605291688811895,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1624,"flow_dst_tot_l4_payload_len":5905,"midstream":0,"thread_ts_usec":1605291688811895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":12135.2,"max":51136,"stddev":17866.3,"var":319203328.0,"ent":3.5,"data": [43010,43065,309,41280,10189,51136,400,38397,3509,41489,471,1,468,4,62,52,2291,169,102,38533,0,1,0,35978,9,3,58,5162,2233,17560,249]},"pktlen": {"min":72,"avg":307.8,"max":1280,"stddev":396.4,"var":157103.1,"ent":4.1,"data": [80,80,72,589,72,171,72,595,72,1280,72,1280,1280,72,72,409,72,146,164,459,72,327,327,168,72,72,72,103,72,72,103,1280]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,2,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1],"entropies": [5.156615734,5.498501778,5.447478771,4.680018902,5.305136681,6.159050465,5.343176365,5.095525742,5.322429657,7.814732552,5.475256443,7.833696365,7.860356808,5.419701099,5.436994553,7.369849682,5.475256443,6.433616161,6.626874924,7.528322220,5.360692024,7.254635811,7.262678146,6.541914940,5.447478771,5.475256443,5.447478771,6.000376225,5.388469696,5.360692024,5.934231758,7.832221508]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2165,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688813598,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688813598,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2177,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688830061,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688830061,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2177,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688830061,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688830061,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5AAAAAAoAL9IFwjAAACBAWgBAIICu7gTZEAAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2178,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688831210,"flow_dst_last_pkt_time":1605291688831210,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688831210,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2178,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688831210,"flow_dst_last_pkt_time":1605291688831210,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688831210,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+wAAAAAoAL9IM9TAAACBAWgBAIICkSadMcAAAAAAQMDBw=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2180,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688833881,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688833881,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXTjQD24gBALMF3PAAABAQgKwtdDam3\/yRg="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2183,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688843899,"flow_dst_last_pkt_time":1605291688843899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688843899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2183,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688843899,"flow_dst_last_pkt_time":1605291688843899,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688843899,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/oAAAAAoAL9IC3PAAACBAWgBAIICjfz93gAAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2184,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688843948,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688843948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2184,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688843948,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688843948,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdYAAAAAoAL9IPghAAACBAWgBAIICjfz93gAAAAAAQMDBw=="}
+01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2185,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688848925,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688848925,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2227,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688843899,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688889230,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E2f1af7oBJXgOZHAAACBAV4AQMDAwQCCArC10OnN\/P3eA=="}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2228,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688889231,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZERbpSHXoBJXgPP1AAACBAV4AQMDAwQCCArC10OmN\/P3eA=="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2230,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688889272,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688889272,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBAB+2orAAABAQgKN\/P3psLXQ6c="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2231,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688889299,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688889299,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBAB+3fZAAABAQgKN\/P3psLXQ6Y="}
+01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2234,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688889651,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBgB+wBCAAABAQgKN\/P3psLXQ6cWAwECAAEAAfwDAznRqrI3BjpH0fMAjhWc3pmJOvHC\/\/j965\/A5lDlxh6gIDLxR7\/ypcsELHSllGpRYQ5lC32jGxm0ISoXtgzdDW32ACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAFgAUAAARZm9udHMuZ3N0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AILgo0nok9EKnwiVyB76v1YPllAYprQfO501YUPqbQH86AC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAtraAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2234,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889651,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2235,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688889830,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBgB+\/TaAAABAQgKN\/P3psLXQ6YWAwECAAEAAfwDAy7heESofJEzNLpKC6m4EcWF3nwglvjLt2LPUv7yUvYtICOazh2ftjIMIz\/UcLVP0+BLLLQerkGXc0LbFnQmwjmQACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFgAUAAARZm9udHMuZ3N0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAgaGgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKRoaAAEAAB0AINLvbr+LEAbtuJUEM5hwiBTekJnwVlsSGnoYC4BLgTo4AC0AAgEBACsACwoaGgMEAwMDAgMBABsAAwIAAhoaAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2235,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2239,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688893806,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfikiqr+RoBJXgDd0AAACBAV4AQMDAwQCCArC10OZ7uBNkQ=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2240,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688893841,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688893841,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBAB+7tFAAABAQgK7uBN0cLXQ5k="}
+01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2241,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688894065,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBgB+5EWAAABAQgK7uBN0cLXQ5kWAwECAAEAAfwDAw\/cwYtpk8EY2nFSet6HfhMTIva07YBjsHCyF\/EXCY4lIET\/tOg8vSE9lW4MNj+8zcNcKH9YOh6jVhMXDVw4Nj\/KACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAEgAQAAANeXQzLmdncGh0LmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgNH1NsmWXDLZE3tZCuT77ObLFazHLQDqNeh9VcGafUUsALQACAQEAKwALCrq6AwQDAwMCAwEAGwADAgACWloAAQAAFQDPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2241,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688894065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2243,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688831210,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688894545,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvaZMy7vtoBJXgIUlAAACBAV4AQMDAwQCCArC10OaRJp0xw=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2245,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688894570,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688894570,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBAB+wj4AAABAQgKRJp1BsLXQ5o="}
+02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2255,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688895635,"flow_dst_last_pkt_time":1605291688895679,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":990,"flow_dst_tot_l4_payload_len":9898,"midstream":0,"thread_ts_usec":1605291688895679,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9458.9,"max":62320,"stddev":17558.3,"var":308293920.0,"ent":3.0,"data": [37391,37416,173,47446,15044,0,62320,24,361,320,2535,232,269,39947,114,0,2294,39328,242,2903,2650,782,796,254,1,2,253,13,20,95,1]},"pktlen": {"min":72,"avg":412.8,"max":1280,"stddev":483.3,"var":233579.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,289,72,136,164,358,72,72,72,652,72,103,497,72,1280,72,1280,1280,1280,72,72,72,1280,292]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,0,1,1],"entropies": [4.742643356,5.251736641,5.156122208,4.431118965,5.052281380,7.795456409,7.833138943,5.183899879,5.183899879,7.222666740,5.183899879,6.136840343,6.526112080,7.291018963,5.080059052,5.080059052,5.107836723,7.666177273,5.098598480,5.762085438,7.464744568,5.183899879,7.830111027,5.156122208,7.819734097,7.865944386,7.829904556,5.128344536,5.156122208,5.100566864,7.822502613,7.162058353]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2258,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688895701,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBgB+10nAAABAQgKRJp1B8LXQ5oWAwECAAEAAfwDA7oV79R4wHgRAL7AbVXE9v058PsBigjvSIOLh78hsprPIH89NlzV0TnECw3jtHrFgKXeJLtftYSCOzC0pH+h068qACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAEAAOAAALaS55dGltZy5jb20AFwAA\/wEAAQAACgAKAAhqagAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKWpqAAEAAB0AIDrwMaG6jpMb0YufYlUyECjXCvQ2CIEExX7BF92xG1MCAC0AAgEBACsACwoqKgMEAwMDAgMBABsAAwIAAvr6AAEAABUA0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2258,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688895701,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688954910,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688954910,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E6f1aoAgBALMF7QAAABAQgKwtdDyDfz96Y="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2708,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688962330,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688962330,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfioiqsGWgBALMK\/YAAABAQgKwtdDzO7gTdE="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2711,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688962332,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688962332,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvadMy73ygBALMP2JAAABAQgKwtdDzUSadQc="}
+01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2715,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688963049,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2733,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688963101,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2734,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688963102,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688963102,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZEVbpSPcgBALMGx9AAABAQgKwtdDyDfz96Y="}
+01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2738,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688963103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2748,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688963145,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02150{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2796,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291689005944,"flow_dst_last_pkt_time":1605291689006046,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":8982,"midstream":0,"thread_ts_usec":1605291689006046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11350.6,"max":68993,"stddev":22767.9,"var":518376128.0,"ent":2.8,"data": [63745,63780,224,68524,719,1,1,1,68993,14,7,6,49,23,8336,2581,2495,40185,1017,0,0,27807,170,1594,1,1430,17,147,0,1,0]},"pktlen": {"min":72,"avg":385.7,"max":1280,"stddev":459.2,"var":210886.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,1280,72,72,72,72,469,72,136,164,407,72,652,72,72,72,103,103,503,72,72,1280,1280,328,111]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,1,1],"entropies": [4.810268402,5.216053009,5.081305027,4.495285511,5.070961475,7.775168419,7.813756466,7.830919743,7.820947170,5.175122738,5.202900410,5.175122738,5.164638042,7.419659138,5.202900410,6.144525528,6.597908497,7.465239525,5.081446171,7.628419399,5.025890350,5.081446171,5.136860371,5.834997177,5.649486065,7.575581074,5.202900410,5.202900410,7.817056179,7.851086140,7.198029995,5.871317387]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
+02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2818,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291689013039,"flow_dst_last_pkt_time":1605291689013078,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1086,"flow_dst_tot_l4_payload_len":9699,"midstream":0,"thread_ts_usec":1605291689013078,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":10913.5,"max":73480,"stddev":20451.9,"var":418282080.0,"ent":3.0,"data": [45331,45373,379,65680,8193,73480,42,0,21,5,12589,926,174,173,41157,1595,28896,105,3348,1,0,3744,1,0,1,6991,22,3,3,85,1]},"pktlen": {"min":72,"avg":409.5,"max":1280,"stddev":484.5,"var":234727.2,"ent":4.1,"data": [80,80,72,589,72,1280,72,1280,341,72,72,136,164,373,153,72,652,72,103,72,72,72,466,1280,1280,1280,72,72,72,72,1280,1280]},"bins": {"c_to_s": [11,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1],"entropies": [4.855388641,5.270608902,5.232646942,4.480056286,5.091208458,7.815004349,5.193278790,7.850385666,7.281913757,5.248834610,5.137723923,6.052643776,6.521836281,7.361442566,6.438180447,5.052281380,7.594014645,5.288202286,5.794967651,5.135614395,5.191169739,5.137001514,7.486030579,7.839892864,7.804619789,7.849721909,5.260424614,5.260424614,5.288202286,5.277717590,7.826467514,7.832191467]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2840,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291689029453,"flow_dst_last_pkt_time":1605291689029440,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1007,"flow_dst_tot_l4_payload_len":10130,"midstream":0,"thread_ts_usec":1605291689029453,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":12789.5,"max":67787,"stddev":22343.4,"var":499229344.0,"ent":3.2,"data": [63335,63360,1131,67787,769,1,1,67414,6,6,11732,1751,188,41623,368,28482,452,4153,0,1923,5466,17937,17942,106,77,226,1,0,0,229,7]},"pktlen": {"min":72,"avg":420.5,"max":1280,"stddev":488.8,"var":238946.4,"ent":4.1,"data": [80,80,72,589,72,1280,1280,751,72,72,72,136,164,375,72,652,72,103,72,72,103,72,456,72,1280,72,1280,1280,1280,1280,72,72]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,0,0],"entropies": [4.855387688,5.286172390,5.166606426,4.403482437,5.097352028,7.810871601,7.864149094,7.683444977,5.164638042,5.232646465,5.288201809,6.259301662,6.552115440,7.385071278,5.107836723,7.668366432,5.149313450,5.867877483,5.069574356,5.080059052,5.803856373,5.204868793,7.481070042,5.260424137,7.860325813,5.260424137,7.834439754,7.818997860,7.817288876,7.835785389,5.232646465,5.260424137]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2923,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689408040,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291689408040,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2923,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689408040,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291689408040,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYYAAAAAoAL9IMRnAAACBAWgBAIICql08xMAAAAAAQMDBw=="}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2924,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291689433785,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cETj6GHoBJXgAFCAAACBAV4AQMDAwQCCArC10XLqXTzEw=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1605291689433808,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291689433808,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBAB+4U5AAABAQgKqXTzLcLXRcs="}
+01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291689434011,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBgB++8gAAABAQgKqXTzLcLXRcsWAwECAAEAAfwDA6RBXFL39VgIijsWwJFOltTc3vBqkkKxNvmogVMM7+5TILt5Vv+iuY3iWQRNNnRaBO\/M2VarJ+AOmhROa9hHR21oACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFwAVAAASZ2F0ZXdheS5yZWRkaXQuY29tABcAAP8BAAEAAAoACgAImpoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmamgABAAAdACALvUrkozxMntRnju+5MswRTyImrHAw8nJkdOYI+WcPaQAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJaWgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291689434011,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2928,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689577974,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291689577974,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cITj6OMgBALMHnhAAABAQgKwtdF6al08y0="}
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2929,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689434011,"flow_dst_last_pkt_time":1605291689577976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291689577976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2933,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689578012,"flow_dst_last_pkt_time":1605291689578047,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291689578047,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}}
+01959{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2960,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689629927,"flow_dst_last_pkt_time":1605291689672104,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1710,"flow_dst_tot_l4_payload_len":4392,"midstream":0,"thread_ts_usec":1605291689672104,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15675.8,"max":144189,"stddev":36484.9,"var":1331146624.0,"ent":2.7,"data": [25745,25768,203,144189,2,0,143997,4,71,1,41,7,2508,597,1253,49737,1,0,1,45397,18,103,1,65,704,437,888,38392,2516,1067,2238]},"pktlen": {"min":72,"avg":263.2,"max":1120,"stddev":320.8,"var":102914.8,"ent":4.2,"data": [80,80,72,589,72,1120,1120,72,72,1120,587,72,72,165,171,471,72,72,330,138,72,72,72,439,72,110,566,142,72,72,72,114]},"bins": {"c_to_s": [9,1,2,1,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,1,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1],"entropies": [4.857011795,5.259831905,5.179864883,4.529115200,5.055853844,6.908260822,7.364731312,5.245904922,5.218127251,7.327914715,7.541935444,5.162571907,5.218127251,6.139030457,6.351455688,7.439690113,5.166965008,5.139187336,7.125073433,6.245332241,5.235420227,5.273682594,5.139187336,7.450459003,5.273682594,5.556783676,7.574505329,6.164192200,5.085018635,5.139187336,5.139187336,5.963419437]}}
+01566{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2960,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689629927,"flow_dst_last_pkt_time":1605291689672104,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1710,"flow_dst_tot_l4_payload_len":4392,"midstream":0,"thread_ts_usec":1605291689672104,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gateway.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2985,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690373466,"flow_dst_last_pkt_time":1605291690373466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690373466,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2985,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690373466,"flow_dst_last_pkt_time":1605291690373466,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690373466,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2UAAAAAoAL9IFr7AAACBAWgBAIIClRf7UgAAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2986,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690384370,"flow_dst_last_pkt_time":1605291690384370,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690384370,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2986,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690384370,"flow_dst_last_pkt_time":1605291690384370,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690384370,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDEAAAAAoAL9IAqWAAACBAWgBAIICgxmJysAAAAAAQMDBw=="}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2987,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690373466,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690396189,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl4+krtmoBJXgDq4AAACBAV4AQMDAwQCCArC10mNVF\/tSA=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2988,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690396234,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690396234,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBAB+76yAAABAQgKVF\/tX8LXSY0="}
+01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2989,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690396643,"pkt":"qtsDr8lk5EKm5WPyht1gB68TAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBgB+zbbAAABAQgKVF\/tX8LXSY0WAwECAAEAAfwDA64SJmrzxm107yvjOKaI1Pu1cjYSBc\/95exz0rjqcLhjILOfYHr0cqvSKZIJSl3WjM8QRUOiyuVNGA\/I6TMdHCRqACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAGAAWAAATYWRzZXJ2aWNlLmdvb2dsZS5mcgAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAg3\/\/2kWIRuw+qhxFZZt2KiDOELUjK40mC0jcHETc2SkcALQACAQEAKwALCrq6AwQDAwMCAwEAGwADAgAC2toAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2989,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690396643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2991,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690384370,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690402898,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOmbspwyoBJXgGsCAAACBAV4AQMDAwQCCArC10mUDGYnKw=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2992,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690402927,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690402927,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBAB++8BAAABAQgKDGYnPcLXSZQ="}
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2993,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690403285,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBgB+\/ThAAABAQgKDGYnPsLXSZQWAwECAAEAAfwDA4n27fFOQ6rPQPzYRqsTa+ksdP+rX8jQfVLwbnF3RpAXIBwq2w1JrwHlb\/2ndJG1eusXeLh3OPImRURXIKxQ06mYACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGQAXAAAUYWRzZXJ2aWNlLmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAhqagAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKWpqAAEAAB0AIA4zyVNHsOh16GCQNKxzMVItdEoHGWpyv6xL6OCprXNaAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAkpKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2993,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690403285,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2994,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690405354,"flow_dst_last_pkt_time":1605291690405354,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690405354,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2994,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690405354,"flow_dst_last_pkt_time":1605291690405354,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690405354,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15YAAAAAoAL9IOjCAAACBAWgBAIICgKUPwEAAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2995,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690421002,"flow_dst_last_pkt_time":1605291690421002,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690421002,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2995,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690421002,"flow_dst_last_pkt_time":1605291690421002,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690421002,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYMAAAAAoAL9IIEIAAACBAWgBAIICl8E6ogAAAAAAQMDBw=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2996,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690433317,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690433317,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl8+kr1rgBALMLNSAAABAQgKwtdJs1Rf7V8="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2997,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690440083,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690440083,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOqbsp43gBALMOOjAAABAQgKwtdJtwxmJz4="}
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690405354,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690440084,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx++bDteXoBJXgLoLAAACBAV4AQMDAwQCCArC10m3ApQ\/AQ=="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690440123,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690440123,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBAB+z36AAABAQgKApQ\/JMLXSbc="}
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3000,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690440589,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBgB+yZ+AAABAQgKApQ\/JMLXSbcWAwECAAEAAfwDAzHDxH8OuokaXnmRWM2CrbjAfCHYM2BC4ANSO6awxT1HIBoNB1TgmMo5CTve1OPkdOp8A4hHU4yRFabWOk7A1qHlACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAHwAdAAAaYWF4LWV1LmFtYXpvbi1hZHN5c3RlbS5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIEwwmHcuEXQApsPC5EO8tn5U4uHYbi4IBrp\/HgLH72EYAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAgoKAAEAABUAwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3000,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690440589,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3001,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690448852,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690448852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3003,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690421002,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690449108,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUOc0w2EoBJXgGkiAAACBAV4AQMDAwQCCArC10m3XwTqiA=="}
+01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690449109,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690449109,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3010,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690449141,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690449141,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBAB++0WAAABAQgKXwTqpcLXSbc="}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3017,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690449801,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBgB+08XAAABAQgKXwTqpcLXSbcWAwECAAEAAfwDAxCE81jPge8Q+eqa2\/VX8jLyZJaHeUn1XbD4+8ZfZCrNIP1iGayHUC21LtXXhZv4JDAqZ2p5lGfiZ6mCAOAtx5YLACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAARQBDAABAOGE3NTVhM2ZlZjBiMTg5ZDhhYjViMGQxMDc1OGY2OGEuc2FmZWZyYW1lLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACOrqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp6uoAAQAAHQAg8Yk1cLvPAYaln8LnFtEe1h9mnh8DzZmOv04zXf8MiXgALQACAQEAKwALCmpqAwQDAwMCAwEAGwADAgACGhoAAQAAFQCcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3017,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690449801,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3025,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690482348,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690482348,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx\/CbDtmcgBALMDKbAAABAQgKwtdJ3AKUPyQ="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3026,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690482349,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690482349,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUSc0w+JgBALMOG0AAABAQgKwtdJ318E6qU="}
+01317{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3039,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690483975,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690483975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3065,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690501383,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1605291690501383,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01610{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3071,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690502241,"flow_dst_last_pkt_time":1605291690502750,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5440,"midstream":0,"thread_ts_usec":1605291690502750,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B"}}}
+02154{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3079,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690495032,"flow_dst_last_pkt_time":1605291690511816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":5622,"midstream":0,"thread_ts_usec":1605291690511816,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":7680.9,"max":45875,"stddev":12464.9,"var":155373568.0,"ent":3.4,"data": [18528,18557,358,37185,9026,1,2,1,45875,10,14,14,8672,419,266,33620,1,89,1151,1,25433,25,482,7313,1,1,6808,24,7,3698,20526]},"pktlen": {"min":72,"avg":280.1,"max":1280,"stddev":371.7,"var":138197.8,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1],"entropies": [4.830388546,5.286173820,5.175123215,4.582562923,5.135614395,7.820514202,7.848834991,7.840905190,7.029392242,5.204868793,5.232646465,5.232646465,5.232646465,6.256432056,6.550828457,7.277585983,5.097352028,5.107836723,5.107836723,7.629249096,5.686814308,5.260424137,5.260424137,5.854413509,7.698106289,7.556940079,5.871694088,5.222162247,5.166606903,5.166606903,5.962721825,5.004921436]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02176{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3098,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690527565,"flow_dst_last_pkt_time":1605291690527527,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1054,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291690527565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":6873.8,"max":34221,"stddev":11275.4,"var":127133528.0,"ent":3.4,"data": [28106,28139,660,33241,1626,34221,71,30,636,643,4625,213,224,27018,3512,25468,241,4283,1409,5453,77,6348,1,0,6424,34,8,196,1,158,22]},"pktlen": {"min":72,"avg":323.8,"max":1280,"stddev":408.2,"var":166632.7,"ent":4.1,"data": [80,80,72,589,72,1280,72,1280,72,534,72,136,164,422,72,652,72,103,72,103,72,72,482,1280,1280,72,72,72,704,111,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0],"entropies": [4.750831604,5.256616592,5.147345066,5.037306786,5.025890827,7.794999599,5.175122738,7.849133015,5.175122738,7.594861984,5.147345066,6.103534698,6.601645947,7.415776730,5.023922443,7.687021732,5.175123215,5.854413509,4.959850788,5.758662224,5.147345066,5.053668499,7.493776798,7.824415684,7.830970287,5.175122738,5.175122738,5.147345066,7.700448990,5.878117561,5.175122738,5.175122738]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3184,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690926655,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926655,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3184,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690926655,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926655,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dQAAAAAoAL9IKwyAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3185,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690926734,"flow_dst_last_pkt_time":1605291690926734,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926734,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3185,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926734,"flow_dst_last_pkt_time":1605291690926734,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926734,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReQAAAAAoAL9IG1mAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3186,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690926769,"flow_dst_last_pkt_time":1605291690926769,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926769,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3186,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926769,"flow_dst_last_pkt_time":1605291690926769,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926769,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s24AAAAAoAL9IHV1AAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3187,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690926802,"flow_dst_last_pkt_time":1605291690926802,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926802,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3187,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926802,"flow_dst_last_pkt_time":1605291690926802,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926802,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOkAAAAAoAL9INfoAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3188,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690926830,"flow_dst_last_pkt_time":1605291690926830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3188,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926830,"flow_dst_last_pkt_time":1605291690926830,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926830,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFQAAAAAoAL9IB2IAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3189,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690926867,"flow_dst_last_pkt_time":1605291690926867,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926867,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3189,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926867,"flow_dst_last_pkt_time":1605291690926867,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926867,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygYAAAAAoAL9IOOcAAACBAWgBAIICqpUDK0AAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3190,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690926912,"flow_dst_last_pkt_time":1605291690926912,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926912,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3190,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926912,"flow_dst_last_pkt_time":1605291690926912,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926912,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtsAAAAAoAL9IO7kAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3191,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690926944,"flow_dst_last_pkt_time":1605291690926944,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926944,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3191,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926944,"flow_dst_last_pkt_time":1605291690926944,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926944,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns154AAAAAoAL9IJ6VAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3192,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690926978,"flow_dst_last_pkt_time":1605291690926978,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926978,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3192,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926978,"flow_dst_last_pkt_time":1605291690926978,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926978,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUEAAAAAoAL9IA5NAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3193,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690926998,"flow_dst_last_pkt_time":1605291690926998,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926998,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3193,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926998,"flow_dst_last_pkt_time":1605291690926998,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926998,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyUAAAAAoAL9ILYPAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3198,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690952219,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefV\/3l9HVoBJXgDRiAAACBAV4AQMDAwQCCArC10u2GsMWnw=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3199,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690952238,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690952238,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBAB+7hZAAABAQgKGsMWucLXS7Y="}
+01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3203,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690953297,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBgB+1vDAAABAQgKGsMWusLXS7YWAwECAAEAAfwDA96WEVYjbITPXvxDhOji6nCQdC0KhgTdN6+o+9OqeXt9IDI6n9jVTXE+7b4jG8xDV1LuLRTUARgCyh8fXh42V1VjACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACC0+5SyJ2jt8tT3w+Is8x7czlNEdFH4IL1ppCYO49RWZwAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAKKigABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3203,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690953297,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3205,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926734,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690954541,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltPCUkXloBJXgMhIAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3206,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954562,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954562,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBAB+0w+AAABAQgKGsMWu8LXS70="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3207,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926769,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690954643,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9ZMt7NvoBJXgClQAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3208,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926802,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690954643,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6vQxszqoBJXgBZ9AAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3209,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954649,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954649,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBAB+61FAAABAQgKGsMWu8LXS70="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3210,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954655,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954655,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBAB+5pyAAABAQgKGsMWu8LXS70="}
+01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690954747,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBgB+8dGAAABAQgKGsMWu8LXS70WAwECAAEAAfwDA3+7YXN8uULghjn9Yx4k2QYB36376hmbrRggZ0eXr\/9+IP2iD+DA1k36xX9GOoNszd6eNYaj3dekN9x\/XE8bE1dIACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIOjoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACk6OgABAAAdACBER8lo38zcpkmaCPLiXoa6+JDbprOR\/VESBxZzwiOrBgAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJaWgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3212,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690954937,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBgB+yg+AAABAQgKGsMWu8LXS70WAwECAAEAAfwDAwV9PSLZiieFTsrwb5ePEiAq+zIrQhR0EBkPYuTZcw2xIK9+Ya8AvxlseoGAhp8z2wcy4GRd\/2tgmLnTQoGAr7lmACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACCDMYORaya1YaUyb39J38cNu+oTtZdlNYXEhdiyzjyDBAAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAALKygABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3212,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954937,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3213,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955129,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBgB+8QTAAABAQgKGsMWvMLXS70WAwECAAEAAfwDA9NQXnr9EPQV5HU7sHg21zD\/k9mVMQCLGTscCRIJvvLdIGZv95UrdgGMWa\/TkNOulH2VrZ4BEKc4CasnxiGwlqMaACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACBaC+dtrwuc9yhJo5wqXEwHFEsHVbwYnP6Z3gN8xzV+DwAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAAJqagABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3213,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3214,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926830,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690955375,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6eczuyRVoBJXgHLsAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3215,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690955404,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690955404,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBAB+\/bgAAABAQgKGsMWvMLXS70="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3216,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926867,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690955522,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2llkCsoHoBJXgJ6iAAACBAV4AQMDAwQCCArC10u9qlQMrQ=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3217,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690955530,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690955530,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBAB+yKXAAABAQgKqlQMysLXS70="}
+01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3218,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955637,"pkt":"qtsDr8lk5EKm5WPyht1gClWEAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBgB+4TBAAABAQgKGsMWvMLXS70WAwECAAEAAfwDAyJmBycAvyCH8SnNB2CBC3yfxoIM+Ymce0POg8ZwpXtBIH9PfR9yCxA5tGPPT4cExrc3Qkmd4YTExNykGp6bEZH3ACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACA6eb9HkRnUV512a5EvGRTLrw7IdAlKbphWjXQpKHePSAAtAAIBAQArAAsK2toDBAMDAwIDAQAbAAMCAAKqqgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3218,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3219,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955751,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBgB+7ghAAABAQgKqlQMysLXS70WAwECAAEAAfwDA0MhDCfgcZQW\/qt2QzKimm0T\/Isca8JmVqeJQDbrvBrqINQ4uQD4cMulecpeDh4RGq5zfSr3G28+STtUMIilUyfGACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGQAXAAAUZm9udHMuZ29vZ2xlYXBpcy5jb20AFwAA\/wEAAQAACgAKAAiqqgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKaqqAAEAAB0AIKLIRrB\/9d\/081INPFyx1jcz47jhpMuBOz2amAM9LokCAC0AAgEBACsACwqKigMEAwMDAgMBABsAAwIAAsrKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3219,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955751,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3220,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926912,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690956447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8or4r7coBJXgC2BAAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3221,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926944,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690956447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkJjbNefoBJXgN3ZAAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3222,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690956458,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690956458,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBAB+7F0AAABAQgKuJU7UsLXS74="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3223,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690956464,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690956464,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBAB+2HNAAABAQgKuJU7UsLXS74="}
+01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690956563,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBgB+weLAAABAQgKuJU7UsLXS74WAwECAAEAAfwDA\/KqVcb+jqsuy+pc9KilYVgZAEzQ86cjwq67GKq7nQtaIOrgXduV1ht3HJ4NSaQ01nhk1SGFsiLuJ4S0a7eBU0YJACCKihMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACAoKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApCgoAAQAAHQAgQy2WiyCHDU6V4a0QbWLV7\/15JREGysw3jo2qrGJjK34ALQACAQEAKwALCqqqAwQDAwMCAwEAGwADAgACCgoAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3224,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956563,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3225,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690956668,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBgB+7CTAAABAQgKuJU7UsLXS74WAwECAAEAAfwDA4K6LYgb9peQAaC+yGKSfQ44ncZ84XdNSq8PqNFo+UyoIJHCilmb8BVAxV8SeOqltgKl5o0ytImnEj4UpvBg7WThACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgMcGXgSTPtAvtHwaBrppAs1ogUhPlYdie8\/zN2rMve0cALQACAQEAKwALCkpKAwQDAwMCAwEAGwADAgACiooAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3225,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956668,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926998,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690957467,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi4YaAsmoBJXgA33AAACBAV4AQMDAwQCCArC10u\/uJU7NA=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3227,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926978,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690957467,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3meEC1CoBJXgOW1AAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3228,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690957477,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690957477,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBAB+5HpAAABAQgKuJU7U8LXS78="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3229,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690957484,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690957484,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBAB+2moAAABAQgKuJU7U8LXS74="}
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3230,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690957577,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBgB+\/1RAAABAQgKuJU7U8LXS78WAwECAAEAAfwDA65NQ9z+8vgCXkINXWcIT6WxgXSerIkD30OtzZ9Uf8RRIDWtk7CyEcZiHB5uWIXfY5Croj84Q3kSS9jhYTHY4t\/XACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgAZPl\/EpHfkyE8GocRMfQRm6hqCG5SYQknfR1D0l4PTwALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACKioAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3230,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3231,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690957682,"pkt":"qtsDr8lk5EKm5WPyht1gB5miAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBgB+673AAABAQgKuJU7U8LXS74WAwECAAEAAfwDA+YyRlzceVtjHpKgho8tByOApAEJPG4M0zvRjAEsHgJBIF8\/qPM2GhQmlTMTYTjE9hyVNZH92oU6Aa5vM+YWAZkYACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACKqqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApqqoAAQAAHQAgklNVX2zbnVcJGiMo7ZekGZnIRwL3wUnQ0+pmG+dpG2cALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACmpoAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3231,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957682,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3234,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690983708,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690983708,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefWD3l9PagBALMKz6AAABAQgKwtdL2hrDFro="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3247,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690987243,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690987243,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltTCUkfqgBALMEDkAAABAQgKwtdL3RrDFrs="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3248,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690989609,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690989609,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9dMt7V0gBALMKHqAAABAQgKwtdL3hrDFrs="}
+01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3249,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690990862,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690990862,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3260,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690991527,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690991527,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6zQxs7vgBALMI8TAAABAQgKwtdL4RrDFrw="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3261,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690992341,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690992341,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6egzuyZagBALMOuCAAABAQgKwtdL4RrDFrw="}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3262,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291690992851,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690992851,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3262,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291690992851,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690992851,"pkt":"qtsDr8lk5EKm5WPyht1gDPazACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGcAAAAAoAL9IIFCAAACBAWgBAIICriVO3YAAAAAAQMDBw=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3263,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690993446,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690993446,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2lpkCswMgBALMBc4AAABAQgKwtdL4qpUDMo="}
+01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3264,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690994995,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690994995,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3278,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690996121,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690996121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3291,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690996246,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690996246,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8sr4sDhgBALMKYUAAABAQgKwtdL5LiVO1I="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3293,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690996826,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690996826,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkNjbNmkgBALMFZsAAABAQgKwtdL5biVO1I="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3295,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690998160,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690998160,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3qeEC9HgBALMF5GAAABAQgKwtdL5riVO1M="}
+01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3296,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690998161,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690998161,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3297,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690998162,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690998162,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi8YaA0rgBALMIaIAAABAQgKwtdL5riVO1M="}
+01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3311,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690999060,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3322,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690999503,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3332,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291691002443,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691002443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3339,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291691003085,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003085,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3341,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291691003087,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003087,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3351,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291691004686,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691004686,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3380,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291691029572,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQbO1037mLrsxooBJXgErvAAACBAV4AQMDAwQCCArC10wIuJU7dg=="}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3381,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"thread_ts_usec":1605291691029601,"pkt":"qtsDr8lk5EKm5WPyht1gBfK\/ABQGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGgAAAAAUAQAANo6AAA="}
+02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291691043702,"flow_dst_last_pkt_time":1605291691043566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1291,"flow_dst_tot_l4_payload_len":11382,"midstream":0,"thread_ts_usec":1605291691043702,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7547.0,"max":42183,"stddev":12243.2,"var":149896752.0,"ent":3.3,"data": [25564,25583,1059,31489,7154,1,37586,36,127,1,1,0,1,87,28,7124,13598,568,199,42183,2,20688,340,10112,7,263,1,3,2,10101,50]},"pktlen": {"min":72,"avg":468.5,"max":1280,"stddev":513.4,"var":263601.8,"ent":4.2,"data": [80,80,72,589,72,1280,1280,72,72,1280,1280,1280,1280,220,72,72,136,164,342,389,72,652,72,103,72,72,72,1062,1280,1280,72,72]},"bins": {"c_to_s": [10,0,2,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,0,0],"entropies": [4.825832367,5.281616688,5.136860847,4.553145885,5.043183804,7.811286926,7.839466095,5.164638519,5.164638519,7.864381790,7.859279633,7.843964577,7.841698170,6.810353279,5.109083176,5.136860847,6.135817528,6.436379910,7.296087742,7.276475906,5.025890350,7.637989998,5.136860847,5.737908840,5.098739147,5.043183804,5.070961475,7.799327850,7.850948334,7.827920914,5.136860847,5.136860847]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02175{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3490,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291691067608,"flow_dst_last_pkt_time":1605291691069122,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":6622,"midstream":0,"thread_ts_usec":1605291691069122,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9126.0,"max":45897,"stddev":14144.4,"var":200064000.0,"ent":3.4,"data": [29535,29546,105,39799,6197,1,1,45897,20,10,16645,7440,877,217,45409,188,20393,461,14689,1873,1,1,16098,2949,2,0,2950,29,8,1564,1]},"pktlen": {"min":72,"avg":320.9,"max":1280,"stddev":398.4,"var":158685.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,1,1,0,1,1,1,0,0,0,1,1],"entropies": [4.860268116,5.316052437,5.175122738,4.626070023,5.053668499,7.798489094,7.858765125,7.213901043,5.175122738,5.175122738,5.136860371,6.074123383,6.494878292,7.385508060,7.250154495,4.998777390,7.691906452,5.175122738,5.820339203,5.053668022,5.765991211,5.015406132,5.015406132,5.147345066,7.610651970,7.403194427,6.718353748,5.175122738,5.175122738,5.114727020,7.829133987,7.837005138]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
+02173{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3534,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291691075065,"flow_dst_last_pkt_time":1605291691075150,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":5335,"midstream":0,"thread_ts_usec":1605291691075150,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9563.9,"max":43801,"stddev":13475.5,"var":181588928.0,"ent":3.6,"data": [28655,28663,221,37924,6057,43801,75,33,588,595,16415,9761,878,43789,3898,20653,579,14876,1700,0,16044,10542,2,1,1,10492,40,13,10,172,3]},"pktlen": {"min":72,"avg":270.1,"max":1280,"stddev":336.6,"var":113301.5,"ent":4.2,"data": [80,80,72,589,72,1280,72,1280,72,572,72,136,164,355,72,652,72,103,72,103,72,72,531,897,272,357,72,72,72,72,111,72]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,1,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,1,1],"entropies": [4.786516666,5.247180939,5.070820332,4.566688538,5.043183804,7.807061672,5.053527355,7.847422123,5.025749683,7.577804089,5.043042660,6.031175137,6.392292976,7.341467381,4.977143764,7.597589493,5.081305027,5.788832188,5.004921436,5.547259808,5.015406132,5.081305027,7.471312523,7.741707325,7.060866833,7.323482037,5.109082699,5.109082699,5.064012051,5.053527355,5.763209343,5.043183804]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3842,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696948991,"flow_dst_last_pkt_time":1605291696948991,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291696948991,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3842,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1605291696948991,"flow_dst_last_pkt_time":1605291696948991,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291696948991,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBQAAAAAoAL9IL45AAACBAWgBAIIClIhuaMAAAAAAQMDBw=="}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3843,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1605291696948991,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291696965238,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxV4xygVoBJXgPOCAAACBAV4AQMDAwQCCArC12M3UiG5ow=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3844,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1605291696965302,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291696965302,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBAB+3eDAAABAQgKUiG5tMLXYzc="}
+01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3845,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291696965939,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBgB+wO1AAABAQgKUiG5tMLXYzcWAwECAAEAAfwDAwHqoerYjfOaFlsdXktRRD3igdgx3qxQ0CcSKew4vtFlIIbnh\/g\/aalJEnrSSRBrTzEV6+fgBkXEzuoX27iz\/grEACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOKigAAAAAAGAAWAAATZDkuZmxhc2h0YWxraW5nLmNvbQAXAAD\/AQABAAAKAAoACMrKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApysoAAQAAHQAgPbO2qWewDD8TkBGwdmJPtUCWKvxNvYBt\/Ur80maJ31sALQACAQEAKwALCgoKAwQDAwMCAwEAGwADAgACWloAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3845,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291696965939,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3846,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291697012854,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291697012854,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxZ4xyoagBALMGwaAAABAQgKwtdjZlIhubQ="}
+01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3849,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291697033621,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291697033621,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01665{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3855,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291697033689,"flow_dst_last_pkt_time":1605291697034463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5484,"midstream":0,"thread_ts_usec":1605291697034463,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","tls": {"version":"TLSv1.2","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3"}}}
+00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688896703,"flow_dst_last_pkt_time":1605291688963146,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1029,"flow_dst_tot_l4_payload_len":9937,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690495032,"flow_dst_last_pkt_time":1605291690520906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":5622,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":346,"flow_dst_packets_processed":436,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291688963112,"flow_dst_last_pkt_time":1605291688963101,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6288,"flow_src_tot_l4_payload_len":2635,"flow_dst_tot_l4_payload_len":593653,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":53,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291691251514,"flow_dst_last_pkt_time":1605291691284111,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2470,"flow_src_tot_l4_payload_len":1613,"flow_dst_tot_l4_payload_len":35472,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291691053408,"flow_dst_last_pkt_time":1605291691053353,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3236,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291691064462,"flow_dst_last_pkt_time":1605291691064427,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3234,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291691062791,"flow_dst_last_pkt_time":1605291691062731,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3235,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291688340797,"flow_dst_last_pkt_time":1605291688340782,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":534,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":2175,"flow_dst_tot_l4_payload_len":4448,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":404,"flow_dst_packets_processed":443,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291698703492,"flow_dst_last_pkt_time":1605291698703481,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":6245,"flow_src_tot_l4_payload_len":148669,"flow_dst_tot_l4_payload_len":333351,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":71,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291691196841,"flow_dst_last_pkt_time":1605291691232930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":1372,"flow_dst_tot_l4_payload_len":67858,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684654534,"flow_dst_last_pkt_time":1605291684654507,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3917,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291689005940,"flow_dst_last_pkt_time":1605291689005898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686148850,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3664,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1605291686035769,"flow_src_last_pkt_time":1605291686109497,"flow_dst_last_pkt_time":1605291686106051,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":998,"flow_dst_tot_l4_payload_len":3664,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1605291686035788,"flow_src_last_pkt_time":1605291686148842,"flow_dst_last_pkt_time":1605291686148836,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3664,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1605291686035808,"flow_src_last_pkt_time":1605291686148854,"flow_dst_last_pkt_time":1605291686148837,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3664,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1605291686035833,"flow_src_last_pkt_time":1605291686149793,"flow_dst_last_pkt_time":1605291686149788,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3664,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1605291686035852,"flow_src_last_pkt_time":1605291686156766,"flow_dst_last_pkt_time":1605291686156758,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3664,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291686060608,"flow_src_last_pkt_time":1605291686196906,"flow_dst_last_pkt_time":1605291686196891,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3963,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291686060634,"flow_src_last_pkt_time":1605291686196376,"flow_dst_last_pkt_time":1605291686196374,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3963,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":76,"flow_first_seen":1605291686060652,"flow_src_last_pkt_time":1605291697854613,"flow_dst_last_pkt_time":1605291697854587,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":10480,"flow_src_tot_l4_payload_len":2437,"flow_dst_tot_l4_payload_len":96578,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1605291686060669,"flow_src_last_pkt_time":1605291686196363,"flow_dst_last_pkt_time":1605291686196301,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3674,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":6,"flow_first_seen":1605291686064532,"flow_src_last_pkt_time":1605291686146527,"flow_dst_last_pkt_time":1605291686142640,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1525,"flow_dst_tot_l4_payload_len":3648,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291686064563,"flow_src_last_pkt_time":1605291686203978,"flow_dst_last_pkt_time":1605291686203957,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3937,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605291686064586,"flow_src_last_pkt_time":1605291686203774,"flow_dst_last_pkt_time":1605291686203769,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3648,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686203778,"flow_dst_last_pkt_time":1605291686203769,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3648,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686232927,"flow_dst_last_pkt_time":1605291686232866,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3963,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686248308,"flow_dst_last_pkt_time":1605291686283135,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1145,"flow_dst_tot_l4_payload_len":8775,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690530149,"flow_dst_last_pkt_time":1605291690571265,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
+00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":56,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291696305230,"flow_dst_last_pkt_time":1605291696305202,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1755,"flow_dst_tot_l4_payload_len":39171,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":22,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689979594,"flow_dst_last_pkt_time":1605291689979542,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1710,"flow_dst_tot_l4_payload_len":6627,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688470730,"flow_dst_last_pkt_time":1605291688502649,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":951,"flow_dst_tot_l4_payload_len":6261,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":62,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291688354639,"flow_dst_last_pkt_time":1605291688354627,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":579,"flow_dst_max_l4_payload_len":5552,"flow_src_tot_l4_payload_len":1679,"flow_dst_tot_l4_payload_len":92457,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":22,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291692129663,"flow_dst_last_pkt_time":1605291692129653,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":768,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":3044,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690626396,"flow_dst_last_pkt_time":1605291690626372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":676,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1989,"flow_dst_tot_l4_payload_len":7324,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688858846,"flow_dst_last_pkt_time":1605291688835279,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1624,"flow_dst_tot_l4_payload_len":5971,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":36,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687821101,"flow_dst_last_pkt_time":1605291687853616,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":35001,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":37,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291698436193,"flow_dst_last_pkt_time":1605291698440198,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1474,"flow_dst_tot_l4_payload_len":17331,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
+01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":80,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291690953734,"flow_dst_last_pkt_time":1605291690985375,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1047,"flow_dst_max_l4_payload_len":5552,"flow_src_tot_l4_payload_len":2823,"flow_dst_tot_l4_payload_len":118668,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
+01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":22,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688544035,"flow_dst_last_pkt_time":1605291688572828,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1441,"flow_dst_tot_l4_payload_len":4595,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291697249997,"flow_dst_last_pkt_time":1605291697249971,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":577,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1220,"flow_dst_tot_l4_payload_len":6397,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688453280,"flow_dst_last_pkt_time":1605291688453229,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3457,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":114,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291698454977,"flow_dst_last_pkt_time":1605291698470943,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":1346,"flow_dst_tot_l4_payload_len":122429,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
+01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":28,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291698565327,"flow_dst_last_pkt_time":1605291698602574,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":824,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":2920,"flow_dst_tot_l4_payload_len":5412,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684592898,"flow_dst_last_pkt_time":1605291684592779,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3497,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687902854,"flow_dst_last_pkt_time":1605291687902833,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1053,"flow_dst_tot_l4_payload_len":3947,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291688585627,"flow_dst_last_pkt_time":1605291688585505,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1673,"flow_dst_tot_l4_payload_len":13072,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291691088193,"flow_dst_last_pkt_time":1605291691119107,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1026,"flow_dst_tot_l4_payload_len":5335,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":41,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291690314896,"flow_dst_last_pkt_time":1605291690314835,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2776,"flow_src_tot_l4_payload_len":1370,"flow_dst_tot_l4_payload_len":39870,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688883590,"flow_dst_last_pkt_time":1605291688927912,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1007,"flow_dst_tot_l4_payload_len":3998,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
+00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291688031097,"flow_dst_last_pkt_time":1605291688025071,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":3824,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291688158853,"flow_dst_last_pkt_time":1605291688326694,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":5643,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":67,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291691154393,"flow_dst_last_pkt_time":1605291691154374,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":10872,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":109795,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291691043840,"flow_dst_last_pkt_time":1605291691043780,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7975,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291691043854,"flow_dst_last_pkt_time":1605291691043782,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7974,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291691043975,"flow_dst_last_pkt_time":1605291691043952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7975,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291691044050,"flow_dst_last_pkt_time":1605291691043957,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7976,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":63,"flow_dst_packets_processed":101,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291698488081,"flow_dst_last_pkt_time":1605291698522640,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1168,"flow_dst_max_l4_payload_len":2333,"flow_src_tot_l4_payload_len":3956,"flow_dst_tot_l4_payload_len":41414,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690495529,"flow_dst_last_pkt_time":1605291690520905,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":4664,"midstream":0,"thread_ts_usec":1605291698703492,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4174,"source":"reddit.pcap","alias":"nDPId-test","packets-captured":4174,"packets-processed":4174,"total-skipped-flows":0,"total-l4-payload-len":2193709,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":93,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":599,"global_ts_usec":1605291698703492}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 11682/11682
+~~ packets captured/processed: 4174/4174
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 10573423 bytes
+~~ total layer4 data length..: 2193709 bytes
 ~~ total detected protocols..: 59
 ~~ total active/idle flows...: 60/60
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7574111 bytes
-~~ total memory freed........: 7574111 bytes
-~~ total allocations/frees...: 135264/135264
+~~ total memory allocated....: 7361756 bytes
+~~ total memory freed........: 7361756 bytes
+~~ total allocations/frees...: 127766/127766
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2185 chars
diff --git a/test/results/riotgames.pcap.out b/test/results/riotgames.pcap.out
index 7c11bd6e7..8991f62d2 100644
--- a/test/results/riotgames.pcap.out
+++ b/test/results/riotgames.pcap.out
@@ -68,9 +68,9 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6427422 bytes
-~~ total memory freed........: 6427422 bytes
-~~ total allocations/frees...: 122568/122568
+~~ total memory allocated....: 6432391 bytes
+~~ total memory freed........: 6432391 bytes
+~~ total allocations/frees...: 122578/122578
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 956 chars
diff --git a/test/results/rsh-syslog-false-positive.pcap.out b/test/results/rsh-syslog-false-positive.pcap.out
index 4f03c254b..77d9d7a4e 100644
--- a/test/results/rsh-syslog-false-positive.pcap.out
+++ b/test/results/rsh-syslog-false-positive.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411978 bytes
-~~ total memory freed........: 6411978 bytes
-~~ total allocations/frees...: 122444/122444
+~~ total memory allocated....: 6416883 bytes
+~~ total memory freed........: 6416883 bytes
+~~ total allocations/frees...: 122454/122454
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 359 chars
 ~~ json string max len.......: 1624 chars
diff --git a/test/results/rsh.pcap.out b/test/results/rsh.pcap.out
index 96edbb5e0..69a2bf6d0 100644
--- a/test/results/rsh.pcap.out
+++ b/test/results/rsh.pcap.out
@@ -25,9 +25,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418424 bytes
-~~ total memory freed........: 6418424 bytes
-~~ total allocations/frees...: 122475/122475
+~~ total memory allocated....: 6423337 bytes
+~~ total memory freed........: 6423337 bytes
+~~ total allocations/frees...: 122485/122485
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 1111 chars
diff --git a/test/results/rsync.pcap.out b/test/results/rsync.pcap.out
index cd4a8e0ad..feaea0648 100644
--- a/test/results/rsync.pcap.out
+++ b/test/results/rsync.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414664 bytes
-~~ total memory freed........: 6414664 bytes
-~~ total allocations/frees...: 122467/122467
+~~ total memory allocated....: 6419569 bytes
+~~ total memory freed........: 6419569 bytes
+~~ total allocations/frees...: 122477/122477
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 950 chars
diff --git a/test/results/rtmp.pcap.out b/test/results/rtmp.pcap.out
index 6129611a4..991e12d76 100644
--- a/test/results/rtmp.pcap.out
+++ b/test/results/rtmp.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414548 bytes
-~~ total memory freed........: 6414548 bytes
-~~ total allocations/frees...: 122463/122463
+~~ total memory allocated....: 6419453 bytes
+~~ total memory freed........: 6419453 bytes
+~~ total allocations/frees...: 122473/122473
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2486 chars
diff --git a/test/results/rtsp.pcap.out b/test/results/rtsp.pcap.out
index d60977fd8..ae6b03401 100644
--- a/test/results/rtsp.pcap.out
+++ b/test/results/rtsp.pcap.out
@@ -71,9 +71,9 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6454022 bytes
-~~ total memory freed........: 6454022 bytes
-~~ total allocations/frees...: 123100/123100
+~~ total memory allocated....: 6458975 bytes
+~~ total memory freed........: 6458975 bytes
+~~ total allocations/frees...: 123110/123110
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2203 chars
diff --git a/test/results/rtsp_setup_http.pcapng.out b/test/results/rtsp_setup_http.pcapng.out
index 854e536a1..a97efd2ae 100644
--- a/test/results/rtsp_setup_http.pcapng.out
+++ b/test/results/rtsp_setup_http.pcapng.out
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413875 bytes
-~~ total memory freed........: 6413875 bytes
-~~ total allocations/frees...: 122439/122439
+~~ total memory allocated....: 6418780 bytes
+~~ total memory freed........: 6418780 bytes
+~~ total allocations/frees...: 122449/122449
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 502 chars
 ~~ json string max len.......: 1082 chars
diff --git a/test/results/rx.pcap.out b/test/results/rx.pcap.out
index c9e125a77..561d3d9db 100644
--- a/test/results/rx.pcap.out
+++ b/test/results/rx.pcap.out
@@ -46,9 +46,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422774 bytes
-~~ total memory freed........: 6422774 bytes
-~~ total allocations/frees...: 122612/122612
+~~ total memory allocated....: 6427711 bytes
+~~ total memory freed........: 6427711 bytes
+~~ total allocations/frees...: 122622/122622
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 487 chars
 ~~ json string max len.......: 2143 chars
diff --git a/test/results/s7comm.pcap.out b/test/results/s7comm.pcap.out
index 589831e7b..dfe61cbe3 100644
--- a/test/results/s7comm.pcap.out
+++ b/test/results/s7comm.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413341 bytes
-~~ total memory freed........: 6413341 bytes
-~~ total allocations/frees...: 122491/122491
+~~ total memory allocated....: 6418246 bytes
+~~ total memory freed........: 6418246 bytes
+~~ total allocations/frees...: 122501/122501
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2117 chars
diff --git a/test/results/safari.pcap.out b/test/results/safari.pcap.out
index 05f03af5b..4167cee30 100644
--- a/test/results/safari.pcap.out
+++ b/test/results/safari.pcap.out
@@ -81,9 +81,9 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6662423 bytes
-~~ total memory freed........: 6662423 bytes
-~~ total allocations/frees...: 128558/128558
+~~ total memory allocated....: 6667376 bytes
+~~ total memory freed........: 6667376 bytes
+~~ total allocations/frees...: 128568/128568
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2281 chars
diff --git a/test/results/salesforce.pcap.out b/test/results/salesforce.pcap.out
index 97cbfecd7..5ac455549 100644
--- a/test/results/salesforce.pcap.out
+++ b/test/results/salesforce.pcap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422663 bytes
-~~ total memory freed........: 6422663 bytes
-~~ total allocations/frees...: 122461/122461
+~~ total memory allocated....: 6427568 bytes
+~~ total memory freed........: 6427568 bytes
+~~ total allocations/frees...: 122471/122471
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 1547 chars
diff --git a/test/results/sccp_hw_conf_register.pcapng.out b/test/results/sccp_hw_conf_register.pcapng.out
index b64939c82..ca6be1ffd 100644
--- a/test/results/sccp_hw_conf_register.pcapng.out
+++ b/test/results/sccp_hw_conf_register.pcapng.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412239 bytes
-~~ total memory freed........: 6412239 bytes
-~~ total allocations/frees...: 122453/122453
+~~ total memory allocated....: 6417144 bytes
+~~ total memory freed........: 6417144 bytes
+~~ total allocations/frees...: 122463/122463
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 507 chars
 ~~ json string max len.......: 976 chars
diff --git a/test/results/sctp.cap.out b/test/results/sctp.cap.out
index 4dac4b64c..9a8d9239a 100644
--- a/test/results/sctp.cap.out
+++ b/test/results/sctp.cap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413662 bytes
-~~ total memory freed........: 6413662 bytes
-~~ total allocations/frees...: 122451/122451
+~~ total memory allocated....: 6418575 bytes
+~~ total memory freed........: 6418575 bytes
+~~ total allocations/frees...: 122461/122461
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 909 chars
diff --git a/test/results/selfsigned.pcap.out b/test/results/selfsigned.pcap.out
index 67b7f2143..9f6735a87 100644
--- a/test/results/selfsigned.pcap.out
+++ b/test/results/selfsigned.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6416574 bytes
-~~ total memory freed........: 6416574 bytes
-~~ total allocations/frees...: 122463/122463
+~~ total memory allocated....: 6421479 bytes
+~~ total memory freed........: 6421479 bytes
+~~ total allocations/frees...: 122473/122473
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 1665 chars
diff --git a/test/results/sflow.pcap.out b/test/results/sflow.pcap.out
index 898b3066a..8d063a576 100644
--- a/test/results/sflow.pcap.out
+++ b/test/results/sflow.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412007 bytes
-~~ total memory freed........: 6412007 bytes
-~~ total allocations/frees...: 122445/122445
+~~ total memory allocated....: 6416912 bytes
+~~ total memory freed........: 6416912 bytes
+~~ total allocations/frees...: 122455/122455
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 952 chars
diff --git a/test/results/signal.pcap.out b/test/results/signal.pcap.out
index 389025863..1209f5f1f 100644
--- a/test/results/signal.pcap.out
+++ b/test/results/signal.pcap.out
@@ -179,9 +179,9 @@
 ~~ total active/idle flows...: 19/19
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6693633 bytes
-~~ total memory freed........: 6693633 bytes
-~~ total allocations/frees...: 123401/123401
+~~ total memory allocated....: 6698682 bytes
+~~ total memory freed........: 6698682 bytes
+~~ total allocations/frees...: 123411/123411
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2161 chars
diff --git a/test/results/simple-dnscrypt.pcap.out b/test/results/simple-dnscrypt.pcap.out
index da72a3a0b..7012fc2b7 100644
--- a/test/results/simple-dnscrypt.pcap.out
+++ b/test/results/simple-dnscrypt.pcap.out
@@ -53,9 +53,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6509809 bytes
-~~ total memory freed........: 6509809 bytes
-~~ total allocations/frees...: 122628/122628
+~~ total memory allocated....: 6514738 bytes
+~~ total memory freed........: 6514738 bytes
+~~ total allocations/frees...: 122638/122638
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 1980 chars
diff --git a/test/results/sip.pcap.out b/test/results/sip.pcap.out
index 832de2094..eaf4e56e6 100644
--- a/test/results/sip.pcap.out
+++ b/test/results/sip.pcap.out
@@ -65,9 +65,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6420394 bytes
-~~ total memory freed........: 6420394 bytes
-~~ total allocations/frees...: 122581/122581
+~~ total memory allocated....: 6425323 bytes
+~~ total memory freed........: 6425323 bytes
+~~ total allocations/frees...: 122591/122591
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2275 chars
diff --git a/test/results/sip_hello.pcapng.out b/test/results/sip_hello.pcapng.out
index 3ccd23a7e..bb4c328b5 100644
--- a/test/results/sip_hello.pcapng.out
+++ b/test/results/sip_hello.pcapng.out
@@ -26,9 +26,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412616 bytes
-~~ total memory freed........: 6412616 bytes
-~~ total allocations/frees...: 122466/122466
+~~ total memory allocated....: 6417521 bytes
+~~ total memory freed........: 6417521 bytes
+~~ total allocations/frees...: 122476/122476
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 496 chars
 ~~ json string max len.......: 961 chars
diff --git a/test/results/sites.pcapng.out b/test/results/sites.pcapng.out
index 6fdfd7ce6..24a31c765 100644
--- a/test/results/sites.pcapng.out
+++ b/test/results/sites.pcapng.out
@@ -410,9 +410,9 @@
 ~~ total active/idle flows...: 47/47
 ~~ total timeout flows.......: 4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6998597 bytes
-~~ total memory freed........: 6998597 bytes
-~~ total allocations/frees...: 123998/123998
+~~ total memory allocated....: 7003880 bytes
+~~ total memory freed........: 7003880 bytes
+~~ total allocations/frees...: 124009/124009
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 2600 chars
diff --git a/test/results/skinny.pcap.out b/test/results/skinny.pcap.out
index 7900e78da..f35319181 100644
--- a/test/results/skinny.pcap.out
+++ b/test/results/skinny.pcap.out
@@ -82,9 +82,9 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6512189 bytes
-~~ total memory freed........: 6512189 bytes
-~~ total allocations/frees...: 125491/125491
+~~ total memory allocated....: 6517158 bytes
+~~ total memory freed........: 6517158 bytes
+~~ total allocations/frees...: 125501/125501
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2178 chars
diff --git a/test/results/skype-conference-call.pcap.out b/test/results/skype-conference-call.pcap.out
index f3f0f4f89..c6f843b1c 100644
--- a/test/results/skype-conference-call.pcap.out
+++ b/test/results/skype-conference-call.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6417546 bytes
-~~ total memory freed........: 6417546 bytes
-~~ total allocations/frees...: 122636/122636
+~~ total memory allocated....: 6422451 bytes
+~~ total memory freed........: 6422451 bytes
+~~ total allocations/frees...: 122646/122646
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 506 chars
 ~~ json string max len.......: 2308 chars
diff --git a/test/results/skype.pcap.out b/test/results/skype.pcap.out
index 21ebbdd61..48c0c2ee4 100644
--- a/test/results/skype.pcap.out
+++ b/test/results/skype.pcap.out
@@ -2132,9 +2132,9 @@
 ~~ total active/idle flows...: 293/293
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7244321 bytes
-~~ total memory freed........: 7244321 bytes
-~~ total allocations/frees...: 128830/128830
+~~ total memory allocated....: 7251562 bytes
+~~ total memory freed........: 7251562 bytes
+~~ total allocations/frees...: 128840/128840
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 482 chars
 ~~ json string max len.......: 2445 chars
diff --git a/test/results/skype_no_unknown.pcap.out b/test/results/skype_no_unknown.pcap.out
index 068bea5a3..b05e3e277 100644
--- a/test/results/skype_no_unknown.pcap.out
+++ b/test/results/skype_no_unknown.pcap.out
@@ -1590,9 +1590,9 @@
 ~~ total active/idle flows...: 267/267
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7121747 bytes
-~~ total memory freed........: 7121747 bytes
-~~ total allocations/frees...: 127531/127531
+~~ total memory allocated....: 7128780 bytes
+~~ total memory freed........: 7128780 bytes
+~~ total allocations/frees...: 127541/127541
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 300 chars
 ~~ json string max len.......: 2454 chars
diff --git a/test/results/skype_udp.pcap.out b/test/results/skype_udp.pcap.out
index 51a505ddb..9271a8cc8 100644
--- a/test/results/skype_udp.pcap.out
+++ b/test/results/skype_udp.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411891 bytes
-~~ total memory freed........: 6411891 bytes
-~~ total allocations/frees...: 122441/122441
+~~ total memory allocated....: 6416796 bytes
+~~ total memory freed........: 6416796 bytes
+~~ total allocations/frees...: 122451/122451
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 959 chars
diff --git a/test/results/smb_deletefile.pcap.out b/test/results/smb_deletefile.pcap.out
index 7a752a4db..1fb0c81e6 100644
--- a/test/results/smb_deletefile.pcap.out
+++ b/test/results/smb_deletefile.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414675 bytes
-~~ total memory freed........: 6414675 bytes
-~~ total allocations/frees...: 122537/122537
+~~ total memory allocated....: 6419580 bytes
+~~ total memory freed........: 6419580 bytes
+~~ total allocations/frees...: 122547/122547
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2169 chars
diff --git a/test/results/smb_frags.pcap.out b/test/results/smb_frags.pcap.out
index 3d491219c..5b1ab7355 100644
--- a/test/results/smb_frags.pcap.out
+++ b/test/results/smb_frags.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414059 bytes
-~~ total memory freed........: 6414059 bytes
-~~ total allocations/frees...: 122447/122447
+~~ total memory allocated....: 6418964 bytes
+~~ total memory freed........: 6418964 bytes
+~~ total allocations/frees...: 122457/122457
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2370 chars
diff --git a/test/results/smbv1.pcap.out b/test/results/smbv1.pcap.out
index c03f7fd44..bed33eb4e 100644
--- a/test/results/smbv1.pcap.out
+++ b/test/results/smbv1.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414030 bytes
-~~ total memory freed........: 6414030 bytes
-~~ total allocations/frees...: 122446/122446
+~~ total memory allocated....: 6418935 bytes
+~~ total memory freed........: 6418935 bytes
+~~ total allocations/frees...: 122456/122456
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 1305 chars
diff --git a/test/results/smpp_in_general.pcap.out b/test/results/smpp_in_general.pcap.out
index 44737b267..e89b17e26 100644
--- a/test/results/smpp_in_general.pcap.out
+++ b/test/results/smpp_in_general.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414287 bytes
-~~ total memory freed........: 6414287 bytes
-~~ total allocations/frees...: 122454/122454
+~~ total memory allocated....: 6419192 bytes
+~~ total memory freed........: 6419192 bytes
+~~ total allocations/frees...: 122464/122464
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 962 chars
diff --git a/test/results/smtp-starttls.pcap.out b/test/results/smtp-starttls.pcap.out
index 134e1b0ae..5b0631eae 100644
--- a/test/results/smtp-starttls.pcap.out
+++ b/test/results/smtp-starttls.pcap.out
@@ -34,9 +34,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6437909 bytes
-~~ total memory freed........: 6437909 bytes
-~~ total allocations/frees...: 122551/122551
+~~ total memory allocated....: 6442822 bytes
+~~ total memory freed........: 6442822 bytes
+~~ total allocations/frees...: 122561/122561
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2419 chars
diff --git a/test/results/smtp.pcap.out b/test/results/smtp.pcap.out
index 55926791d..2e9e74dbd 100644
--- a/test/results/smtp.pcap.out
+++ b/test/results/smtp.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6416549 bytes
-~~ total memory freed........: 6416549 bytes
-~~ total allocations/frees...: 122532/122532
+~~ total memory allocated....: 6421454 bytes
+~~ total memory freed........: 6421454 bytes
+~~ total allocations/frees...: 122542/122542
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2115 chars
diff --git a/test/results/smtps.pcapng.out b/test/results/smtps.pcapng.out
index a089e2aa2..3f1a14f79 100644
--- a/test/results/smtps.pcapng.out
+++ b/test/results/smtps.pcapng.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6415966 bytes
-~~ total memory freed........: 6415966 bytes
-~~ total allocations/frees...: 122443/122443
+~~ total memory allocated....: 6420871 bytes
+~~ total memory freed........: 6420871 bytes
+~~ total allocations/frees...: 122453/122453
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 1190 chars
diff --git a/test/results/snapchat.pcap.out b/test/results/snapchat.pcap.out
index dc4eb9dee..de291af7f 100644
--- a/test/results/snapchat.pcap.out
+++ b/test/results/snapchat.pcap.out
@@ -36,9 +36,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6429302 bytes
-~~ total memory freed........: 6429302 bytes
-~~ total allocations/frees...: 122525/122525
+~~ total memory allocated....: 6434223 bytes
+~~ total memory freed........: 6434223 bytes
+~~ total allocations/frees...: 122535/122535
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 1349 chars
diff --git a/test/results/snapchat_call.pcapng.out b/test/results/snapchat_call.pcapng.out
index 99c55d901..5799c44a6 100644
--- a/test/results/snapchat_call.pcapng.out
+++ b/test/results/snapchat_call.pcapng.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413196 bytes
-~~ total memory freed........: 6413196 bytes
-~~ total allocations/frees...: 122486/122486
+~~ total memory allocated....: 6418101 bytes
+~~ total memory freed........: 6418101 bytes
+~~ total allocations/frees...: 122496/122496
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 2324 chars
diff --git a/test/results/snmp.pcap.out b/test/results/snmp.pcap.out
index a33fc0cee..f26c23e36 100644
--- a/test/results/snmp.pcap.out
+++ b/test/results/snmp.pcap.out
@@ -143,9 +143,9 @@
 ~~ total active/idle flows...: 17/17
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6442549 bytes
-~~ total memory freed........: 6442549 bytes
-~~ total allocations/frees...: 122682/122682
+~~ total memory allocated....: 6447582 bytes
+~~ total memory freed........: 6447582 bytes
+~~ total allocations/frees...: 122692/122692
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 1949 chars
diff --git a/test/results/soap.pcap.out b/test/results/soap.pcap.out
index 0af63419c..29df1e94a 100644
--- a/test/results/soap.pcap.out
+++ b/test/results/soap.pcap.out
@@ -30,9 +30,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6420164 bytes
-~~ total memory freed........: 6420164 bytes
-~~ total allocations/frees...: 122486/122486
+~~ total memory allocated....: 6425085 bytes
+~~ total memory freed........: 6425085 bytes
+~~ total allocations/frees...: 122496/122496
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2431 chars
diff --git a/test/results/socks-http-example.pcap.out b/test/results/socks-http-example.pcap.out
index cc6f24028..486f301e2 100644
--- a/test/results/socks-http-example.pcap.out
+++ b/test/results/socks-http-example.pcap.out
@@ -33,9 +33,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422824 bytes
-~~ total memory freed........: 6422824 bytes
-~~ total allocations/frees...: 122507/122507
+~~ total memory allocated....: 6427745 bytes
+~~ total memory freed........: 6427745 bytes
+~~ total allocations/frees...: 122517/122517
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 503 chars
 ~~ json string max len.......: 967 chars
diff --git a/test/results/softether.pcap.out b/test/results/softether.pcap.out
index a219230b8..9c9b533ac 100644
--- a/test/results/softether.pcap.out
+++ b/test/results/softether.pcap.out
@@ -114,9 +114,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6426127 bytes
-~~ total memory freed........: 6426127 bytes
-~~ total allocations/frees...: 122674/122674
+~~ total memory allocated....: 6431072 bytes
+~~ total memory freed........: 6431072 bytes
+~~ total allocations/frees...: 122684/122684
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 479 chars
 ~~ json string max len.......: 2287 chars
diff --git a/test/results/someip-tp.pcap.out b/test/results/someip-tp.pcap.out
index 443142f7b..43dc914c0 100644
--- a/test/results/someip-tp.pcap.out
+++ b/test/results/someip-tp.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412007 bytes
-~~ total memory freed........: 6412007 bytes
-~~ total allocations/frees...: 122445/122445
+~~ total memory allocated....: 6416912 bytes
+~~ total memory freed........: 6416912 bytes
+~~ total allocations/frees...: 122455/122455
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2398 chars
diff --git a/test/results/someip-udp-method-call.pcapng.out b/test/results/someip-udp-method-call.pcapng.out
index 4444ce039..076e2958e 100644
--- a/test/results/someip-udp-method-call.pcapng.out
+++ b/test/results/someip-udp-method-call.pcapng.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413605 bytes
-~~ total memory freed........: 6413605 bytes
-~~ total allocations/frees...: 122449/122449
+~~ total memory allocated....: 6418518 bytes
+~~ total memory freed........: 6418518 bytes
+~~ total allocations/frees...: 122459/122459
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 509 chars
 ~~ json string max len.......: 1098 chars
diff --git a/test/results/someip_sd_sample.pcap.out b/test/results/someip_sd_sample.pcap.out
index c9c19475c..c491dd903 100644
--- a/test/results/someip_sd_sample.pcap.out
+++ b/test/results/someip_sd_sample.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6409946 bytes
-~~ total memory freed........: 6409946 bytes
-~~ total allocations/frees...: 122425/122425
+~~ total memory allocated....: 6414843 bytes
+~~ total memory freed........: 6414843 bytes
+~~ total allocations/frees...: 122435/122435
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 312 chars
 ~~ json string max len.......: 567 chars
diff --git a/test/results/sql_injection.pcap.out b/test/results/sql_injection.pcap.out
index d6669a2f5..22b0058bc 100644
--- a/test/results/sql_injection.pcap.out
+++ b/test/results/sql_injection.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412354 bytes
-~~ total memory freed........: 6412354 bytes
-~~ total allocations/frees...: 122448/122448
+~~ total memory allocated....: 6417282 bytes
+~~ total memory freed........: 6417282 bytes
+~~ total allocations/frees...: 122459/122459
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2470 chars
diff --git a/test/results/ssdp-m-search-ua.pcap.out b/test/results/ssdp-m-search-ua.pcap.out
index 60bddc0fd..8ae743b39 100644
--- a/test/results/ssdp-m-search-ua.pcap.out
+++ b/test/results/ssdp-m-search-ua.pcap.out
@@ -16,9 +16,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411870 bytes
-~~ total memory freed........: 6411870 bytes
-~~ total allocations/frees...: 122440/122440
+~~ total memory allocated....: 6416775 bytes
+~~ total memory freed........: 6416775 bytes
+~~ total allocations/frees...: 122450/122450
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 501 chars
 ~~ json string max len.......: 963 chars
diff --git a/test/results/ssdp-m-search.pcap.out b/test/results/ssdp-m-search.pcap.out
index 9a615e3e8..b9e26d3d9 100644
--- a/test/results/ssdp-m-search.pcap.out
+++ b/test/results/ssdp-m-search.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412269 bytes
-~~ total memory freed........: 6412269 bytes
-~~ total allocations/frees...: 122454/122454
+~~ total memory allocated....: 6417174 bytes
+~~ total memory freed........: 6417174 bytes
+~~ total allocations/frees...: 122464/122464
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 962 chars
diff --git a/test/results/ssh.pcap.out b/test/results/ssh.pcap.out
index 02c9a6a95..be00a3d03 100644
--- a/test/results/ssh.pcap.out
+++ b/test/results/ssh.pcap.out
@@ -22,9 +22,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6421232 bytes
-~~ total memory freed........: 6421232 bytes
-~~ total allocations/frees...: 122698/122698
+~~ total memory allocated....: 6426137 bytes
+~~ total memory freed........: 6426137 bytes
+~~ total allocations/frees...: 122708/122708
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2409 chars
diff --git a/test/results/ssl-cert-name-mismatch.pcap.out b/test/results/ssl-cert-name-mismatch.pcap.out
index 21a8a8ed0..8bcd1f72d 100644
--- a/test/results/ssl-cert-name-mismatch.pcap.out
+++ b/test/results/ssl-cert-name-mismatch.pcap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422620 bytes
-~~ total memory freed........: 6422620 bytes
-~~ total allocations/frees...: 122467/122467
+~~ total memory allocated....: 6427525 bytes
+~~ total memory freed........: 6427525 bytes
+~~ total allocations/frees...: 122477/122477
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 507 chars
 ~~ json string max len.......: 1487 chars
diff --git a/test/results/starcraft_battle.pcap.out b/test/results/starcraft_battle.pcap.out
index 32a7b1574..80734c09d 100644
--- a/test/results/starcraft_battle.pcap.out
+++ b/test/results/starcraft_battle.pcap.out
@@ -10,7 +10,7 @@
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1437389953742059,"flow_dst_last_pkt_time":1437389953741760,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1437389953742059,"pkt":"hCYVPnXEIImEa8W6CABFAABIX18AAIARVpPAqAFkwKgB\/uXCADUANO2f6I8BAAABAAAAAAAAAzEwMAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
 01064{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1437389953741760,"flow_src_last_pkt_time":1437389953742059,"flow_dst_last_pkt_time":1437389953741760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437389953742059,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"100.1.168.192.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1437389953742059,"flow_dst_last_pkt_time":1437389953743440,"flow_idle_time":200000000,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1437389953743440,"pkt":"IImEa8W6hCYVPnXECABFAABcAABAAEARtd7AqAH+wKgBZAA15cIASF7P6I+BgAABAAEAAAAAAzEwMAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAAAAAAgGbmItd2luAA=="}
-01194{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1437389953741760,"flow_src_last_pkt_time":1437389953742059,"flow_dst_last_pkt_time":1437389953743440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1437389953743440,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"100.1.168.192.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}}
+01067{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1437389953741760,"flow_src_last_pkt_time":1437389953742059,"flow_dst_last_pkt_time":1437389953743440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1437389953743440,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"100.1.168.192.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1437389953774618,"flow_dst_last_pkt_time":1437389953643311,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1437389953774618,"pkt":"IImEa8W6hCYVPnXECABFAAAoZttAAPMGom3AHvxbwKgBZAG7DI12Mx+JhBzagFAQAB8ujQAAAAAAAAAA"}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1437389953742059,"flow_dst_last_pkt_time":1437389953805110,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1437389953805110,"pkt":"IImEa8W6hCYVPnXECABFAACMAABAAEARta7AqAH+wKgBZAA15cIAeFi6LmyBgwABAAAAAQAAAjkxAzI1MgIzMAMxOTIHaW4tYWRkcgRhcnBhAAAMAAHADwAGAAEAAAA7ADgDbnMxA3AxNgZkeW5lY3QDbmV0AANvcHMGZ2l0aHViA2NvbQAAAAASAAAOEAAAAlgACTqAAAAAPA=="}
 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389954123062,"flow_src_last_pkt_time":1437389954123062,"flow_dst_last_pkt_time":1437389954123062,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389954123062,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -93,6 +93,7 @@
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1437389967639692,"flow_dst_last_pkt_time":1437389967630455,"flow_idle_time":3285032704,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1437389967639692,"pkt":"hCYVPnXEIImEa8W6CABFAAB9U2lAAIAG+k3AqAFkDIHeNg24AFDXJA2O+iTFx1AYAQD\/UgAAR0VUIC91cGRhdGUvTGF1bmNoZXIudHh0IEhUVFAvMS4xDQpIb3N0OiB1cy5zY2FuLndvcmxkb2Z3YXJjcmFmdC5jb20NCkFjY2VwdDogKi8qDQoNCg=="}
 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1437389967432431,"flow_src_last_pkt_time":1437389967639692,"flow_dst_last_pkt_time":1437389967630455,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437389967639692,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game","hostname":"us.scan.worldofwarcraft.com","http": {"url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}}}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1437389967639692,"flow_dst_last_pkt_time":1437389967833673,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1437389967833673,"pkt":"IImEa8W6hCYVPnXECABFAAAoibdAAC0GF1UMgd42wKgBZABQDbj6JMXH1yQN41AQAC5P5gAAAAAAAAAA"}
+01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1437389967432431,"flow_src_last_pkt_time":1437389967639692,"flow_dst_last_pkt_time":1437389967834099,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":273,"midstream":0,"thread_ts_usec":1437389967834099,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game","hostname":"us.scan.worldofwarcraft.com","http": {"url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":200,"content_type":"text\/plain","user_agent":""}}}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389968486982,"flow_src_last_pkt_time":1437389968486982,"flow_dst_last_pkt_time":1437389968486982,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389968486982,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1437389968486982,"flow_dst_last_pkt_time":1437389968486982,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1437389968486982,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaD9AAIAGnzjAqAFkAuQuaA2kAbvjTIWjXKb5cVARAQDtEwAA"}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389968487209,"flow_src_last_pkt_time":1437389968487209,"flow_dst_last_pkt_time":1437389968487209,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389968487209,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -359,7 +360,7 @@
 00952{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1437389985320648,"flow_src_last_pkt_time":1437389985635256,"flow_dst_last_pkt_time":1437389985635209,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":499,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":499,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00954{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1437389985434803,"flow_src_last_pkt_time":1437389985610939,"flow_dst_last_pkt_time":1437389985610905,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":209,"flow_dst_tot_l4_payload_len":3046,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00954{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1437389985446792,"flow_src_last_pkt_time":1437389985631224,"flow_dst_last_pkt_time":1437389985631183,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":2851,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00859{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1437389955670603,"flow_src_last_pkt_time":1437389984585571,"flow_dst_last_pkt_time":1437389984611162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":41,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Unrated"}}
+00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1437389955670603,"flow_src_last_pkt_time":1437389984585571,"flow_dst_last_pkt_time":1437389984611162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":41,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}}
 00771{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1437389955670603,"flow_src_last_pkt_time":1437389984585571,"flow_dst_last_pkt_time":1437389984611162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":41,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00921{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1437389982769377,"flow_src_last_pkt_time":1437389982769377,"flow_dst_last_pkt_time":1437389982823721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1437389982769377,"flow_src_last_pkt_time":1437389982769377,"flow_dst_last_pkt_time":1437389982823721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -371,12 +372,12 @@
 00763{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389954123062,"flow_src_last_pkt_time":1437389954123062,"flow_dst_last_pkt_time":1437389954123062,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00909{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389955642290,"flow_src_last_pkt_time":1437389955642290,"flow_dst_last_pkt_time":1437389955642290,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00763{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389955642290,"flow_src_last_pkt_time":1437389955642290,"flow_dst_last_pkt_time":1437389955642290,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1437389953741760,"flow_src_last_pkt_time":1437389953742059,"flow_dst_last_pkt_time":1437389953805110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1437389953741760,"flow_src_last_pkt_time":1437389953742059,"flow_dst_last_pkt_time":1437389953805110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1437389954543028,"flow_src_last_pkt_time":1437389954543322,"flow_dst_last_pkt_time":1437389954714572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1437389955747893,"flow_src_last_pkt_time":1437389955747893,"flow_dst_last_pkt_time":1437389955800556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":82,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":82,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1437389956550428,"flow_src_last_pkt_time":1437389956550723,"flow_dst_last_pkt_time":1437389956605099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":198,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1437389967432431,"flow_src_last_pkt_time":1437389968027107,"flow_dst_last_pkt_time":1437389968027078,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":273,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","packets-captured":800,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":316668,"total-not-detected-flows":2,"total-guessed-flows":11,"total-detected-flows":39,"total-detection-updates":12,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":379,"global_ts_usec":1437389985996137}
+01093{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1437389967432431,"flow_src_last_pkt_time":1437389968027107,"flow_dst_last_pkt_time":1437389968027078,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":273,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
+00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","packets-captured":800,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":316668,"total-not-detected-flows":1,"total-guessed-flows":12,"total-detected-flows":39,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":380,"global_ts_usec":1437389985996137}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 800/797
 ~~ skipped flows.............: 0
@@ -385,9 +386,9 @@
 ~~ total active/idle flows...: 52/52
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6555542 bytes
-~~ total memory freed........: 6555542 bytes
-~~ total allocations/frees...: 123885/123885
+~~ total memory allocated....: 6561024 bytes
+~~ total memory freed........: 6561024 bytes
+~~ total allocations/frees...: 123914/123914
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 302 chars
 ~~ json string max len.......: 2387 chars
diff --git a/test/results/steam.pcap.out b/test/results/steam.pcap.out
index 442e23b4c..a1b8de2b2 100644
--- a/test/results/steam.pcap.out
+++ b/test/results/steam.pcap.out
@@ -272,9 +272,9 @@
 ~~ total active/idle flows...: 55/55
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6511962 bytes
-~~ total memory freed........: 6511962 bytes
-~~ total allocations/frees...: 123134/123134
+~~ total memory allocated....: 6517299 bytes
+~~ total memory freed........: 6517299 bytes
+~~ total allocations/frees...: 123144/123144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 949 chars
diff --git a/test/results/steam_datagram_relay_ping.pcapng.out b/test/results/steam_datagram_relay_ping.pcapng.out
index b5121168b..2a32f3873 100644
--- a/test/results/steam_datagram_relay_ping.pcapng.out
+++ b/test/results/steam_datagram_relay_ping.pcapng.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411804 bytes
-~~ total memory freed........: 6411804 bytes
-~~ total allocations/frees...: 122438/122438
+~~ total memory allocated....: 6416709 bytes
+~~ total memory freed........: 6416709 bytes
+~~ total allocations/frees...: 122448/122448
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 512 chars
 ~~ json string max len.......: 2237 chars
diff --git a/test/results/stun.pcap.out b/test/results/stun.pcap.out
index b1743a7a2..d0a62d477 100644
--- a/test/results/stun.pcap.out
+++ b/test/results/stun.pcap.out
@@ -50,9 +50,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6424124 bytes
-~~ total memory freed........: 6424124 bytes
-~~ total allocations/frees...: 122640/122640
+~~ total memory allocated....: 6429053 bytes
+~~ total memory freed........: 6429053 bytes
+~~ total allocations/frees...: 122650/122650
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2334 chars
diff --git a/test/results/stun_signal.pcapng.out b/test/results/stun_signal.pcapng.out
index efe5789e6..4259c595c 100644
--- a/test/results/stun_signal.pcapng.out
+++ b/test/results/stun_signal.pcapng.out
@@ -209,9 +209,9 @@
 ~~ total active/idle flows...: 23/23
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6464818 bytes
-~~ total memory freed........: 6464818 bytes
-~~ total allocations/frees...: 123144/123144
+~~ total memory allocated....: 6469899 bytes
+~~ total memory freed........: 6469899 bytes
+~~ total allocations/frees...: 123154/123154
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2326 chars
diff --git a/test/results/syncthing.pcap.out b/test/results/syncthing.pcap.out
index 071c1afc2..b8003c0fa 100644
--- a/test/results/syncthing.pcap.out
+++ b/test/results/syncthing.pcap.out
@@ -46,9 +46,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418020 bytes
-~~ total memory freed........: 6418020 bytes
-~~ total allocations/frees...: 122499/122499
+~~ total memory allocated....: 6422949 bytes
+~~ total memory freed........: 6422949 bytes
+~~ total allocations/frees...: 122509/122509
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 1139 chars
diff --git a/test/results/synscan.pcap.out b/test/results/synscan.pcap.out
index a59aa6f99..0c4c67cbb 100644
--- a/test/results/synscan.pcap.out
+++ b/test/results/synscan.pcap.out
@@ -4687,7 +4687,7 @@
 00758{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1534,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060796851,"flow_src_last_pkt_time":1278275060796851,"flow_dst_last_pkt_time":1278275060796851,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1083,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060175905,"flow_src_last_pkt_time":1278275060175905,"flow_dst_last_pkt_time":1278275060175905,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5902,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1083,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060175905,"flow_src_last_pkt_time":1278275060175905,"flow_dst_last_pkt_time":1278275060175905,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059736765,"flow_src_last_pkt_time":1278275059736765,"flow_dst_last_pkt_time":1278275059736765,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059736765,"flow_src_last_pkt_time":1278275059736765,"flow_dst_last_pkt_time":1278275059736765,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9999,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059736765,"flow_src_last_pkt_time":1278275059736765,"flow_dst_last_pkt_time":1278275059736765,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275058030684,"flow_src_last_pkt_time":1278275058030684,"flow_dst_last_pkt_time":1278275058030684,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5903,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275058030684,"flow_src_last_pkt_time":1278275058030684,"flow_dst_last_pkt_time":1278275058030684,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -4695,7 +4695,7 @@
 00758{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1791,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275061108700,"flow_src_last_pkt_time":1278275061108700,"flow_dst_last_pkt_time":1278275061108700,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":55056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00845{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060899899,"flow_src_last_pkt_time":1278275060899899,"flow_dst_last_pkt_time":1278275060899899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00758{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060899899,"flow_src_last_pkt_time":1278275060899899,"flow_dst_last_pkt_time":1278275060899899,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059845884,"flow_src_last_pkt_time":1278275059845884,"flow_dst_last_pkt_time":1278275059845884,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059845884,"flow_src_last_pkt_time":1278275059845884,"flow_dst_last_pkt_time":1278275059845884,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9999,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059845884,"flow_src_last_pkt_time":1278275059845884,"flow_dst_last_pkt_time":1278275059845884,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00914{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059346242,"flow_src_last_pkt_time":1278275059346242,"flow_dst_last_pkt_time":1278275059346242,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","proto_id":"161","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275059346242,"flow_src_last_pkt_time":1278275059346242,"flow_dst_last_pkt_time":1278275059346242,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -7993,7 +7993,7 @@
 00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275058595442,"flow_src_last_pkt_time":1278275058595442,"flow_dst_last_pkt_time":1278275058595442,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00921{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060335364,"flow_src_last_pkt_time":1278275060335364,"flow_dst_last_pkt_time":1278275060335364,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060335364,"flow_src_last_pkt_time":1278275060335364,"flow_dst_last_pkt_time":1278275060335364,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","packets-captured":2011,"packets-processed":2011,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1874,"total-guessed-flows":120,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213}
+00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","packets-captured":2011,"packets-processed":2011,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1872,"total-guessed-flows":122,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2011/2011
 ~~ skipped flows.............: 0
@@ -8002,9 +8002,9 @@
 ~~ total active/idle flows...: 1994/1994
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 10057485 bytes
-~~ total memory freed........: 10057485 bytes
-~~ total allocations/frees...: 146372/146372
+~~ total memory allocated....: 10078334 bytes
+~~ total memory freed........: 10078334 bytes
+~~ total allocations/frees...: 146382/146382
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 1085 chars
diff --git a/test/results/syslog.pcap.out b/test/results/syslog.pcap.out
index b35dc9062..71493ccdc 100644
--- a/test/results/syslog.pcap.out
+++ b/test/results/syslog.pcap.out
@@ -154,9 +154,9 @@
 ~~ total active/idle flows...: 19/19
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6448942 bytes
-~~ total memory freed........: 6448942 bytes
-~~ total allocations/frees...: 122730/122730
+~~ total memory allocated....: 6453991 bytes
+~~ total memory freed........: 6453991 bytes
+~~ total allocations/frees...: 122740/122740
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 277 chars
 ~~ json string max len.......: 2181 chars
diff --git a/test/results/targusdataspeed_false_positives.pcap.out b/test/results/targusdataspeed_false_positives.pcap.out
index 62c823f5b..83bc29e34 100644
--- a/test/results/targusdataspeed_false_positives.pcap.out
+++ b/test/results/targusdataspeed_false_positives.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413718 bytes
-~~ total memory freed........: 6413718 bytes
-~~ total allocations/frees...: 122453/122453
+~~ total memory allocated....: 6418631 bytes
+~~ total memory freed........: 6418631 bytes
+~~ total allocations/frees...: 122463/122463
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 516 chars
 ~~ json string max len.......: 1062 chars
diff --git a/test/results/teams.pcap.out b/test/results/teams.pcap.out
index 90aae8a22..67a9e4409 100644
--- a/test/results/teams.pcap.out
+++ b/test/results/teams.pcap.out
@@ -68,629 +68,627 @@
 01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677266382,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041677266382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAowUpAAHYGiuE0ccKEwKgBBgG77Hiki1UUf05MrFAQBAE\/YQAAAAAAAAAA"}
 01465{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}}
-02281{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":216,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677328754,"flow_dst_last_pkt_time":1587041677327352,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041677328754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":18406.6,"max":49836,"stddev":21194.3,"var":449200096.0,"ent":3.9,"data": [45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321]},"pktlen": {"min":52,"avg":680.6,"max":1492,"stddev":673.1,"var":453031.8,"ent":4.2,"data": [64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]},"bins": {"c_to_s": [7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0],"entropies": [4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
-01937{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":219,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677297348,"flow_dst_last_pkt_time":1587041677349666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3034,"flow_dst_tot_l4_payload_len":8925,"midstream":0,"thread_ts_usec":1587041677349666,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":5148.5,"max":50397,"stddev":9740.5,"var":94877928.0,"ent":3.3,"data": [11421,11522,225,11256,2751,92,13830,124,124,124,3,141,4803,15532,11803,1342,15,233,10,306,235,4,56,10886,31,10351,1699,244,14,50397,30]},"pktlen": {"min":40,"avg":416.0,"max":1492,"stddev":569.7,"var":324516.5,"ent":3.8,"data": [64,52,40,254,46,1492,1492,40,1492,40,1492,257,40,198,46,133,366,109,40,40,78,1480,1047,124,46,78,40,46,46,46,1492,1055]},"bins": {"c_to_s": [8,1,2,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [7,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,0,0,0,0,1,1,0,1,1,1,1,1],"entropies": [4.396777153,4.893245220,4.571928501,5.470339298,4.549461365,7.348021507,7.445699215,4.680641174,7.531925678,4.571928501,7.607865810,7.056878567,4.680641174,6.474961758,4.505983353,6.083388805,7.209881783,5.879484177,4.680641174,4.630641460,5.102818012,7.881052494,7.824805737,6.119441986,4.457919598,5.412868977,4.630641460,4.565872192,4.565871716,4.522393703,7.843515396,7.832207680]}}
-01469{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":219,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677297348,"flow_dst_last_pkt_time":1587041677349666,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3034,"flow_dst_tot_l4_payload_len":8925,"midstream":0,"thread_ts_usec":1587041677349666,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}}
-00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677380886,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"}
-00287{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677408485,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041677408485}
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":607,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041677401264,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677422728,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041677422728,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES5AAEARZ+PAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGADtdrMEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677611261,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041677611261}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":617,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041677424406,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
-00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678029919,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678029919,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678029919,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041678029919,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"}
-00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041678074133,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1587041678074233,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041678074233,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"}
-00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041678074525,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex5Abv0H+uPO2V4UYAYEAlkRgAAAQEICjCEne9hEv\/bFgMBAMkBAADFAwOeU\/FfLHrtrdCBVUwx+w+ija6LF0MoHL44Af8vhwR8KyDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEPwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-02444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678120796,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041678120796,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUKldAAGwGm4s0ck0hwKgBBgG77Hk7ZXhR9B\/sXYAQBAVKXAAAAQEICmETAAQwhJ3vFgMDEGYCAABRAwNemFWOOTYxM1NwQpKmeq910c4Y3+sTj8LkGeyXAZo3KyA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFcAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
-01753{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
-00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041678611338,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041678611338}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":644,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041678303901,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041679059584,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFmxQAAP8RnTvAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
-01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"b._dns-sd._udp.ntop.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280602,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280602,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_usec":1587041679280602,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBKZoAAEARjaTAqAEG\/\/\/\/\/0RcRFwB7XmveyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280602,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280602,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280885,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_usec":1587041679280885,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBMegAAEARwq7AqAEGwKgB\/0RcRFwB7bcHeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280885,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00288{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041679406816,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041679406816}
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":648,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041679280885,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041679611289,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041679611289}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":649,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041679280885,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
-00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041680062816,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFhq8AAP8RsaDAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
-00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1587041680074798,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB61LQAAEARImfAqAEBwKgBBgA1+i4AZgAAp0uBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA7ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="}
-01053{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1587041680074798,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"b._dns-sd._udp.ntop.org","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041680216814,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_usec":1587041680216814,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/44MAAEARlesAAAAA\/\/\/\/\/wBEAEMBa5dnAQEGABWCmMYYtQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="}
-00958{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041680216814,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dhcp": {"fingerprint":"","class_ident":""}}}
-00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294054,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041680294054,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294054,"flow_idle_time":3285032704,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1587041680294054,"pkt":"KDc3AG3IEBMx8Tl2CABFAABYCTNAAHEGSuNdPpadwKgBBgG77GBJd2ZkkI5L3oAY\/\/uUpgAAAQEICsJ1bW4wg\/kbFwMDAB8AAAAAAAAABVYf48xkHJTZ\/YMO7dmv4tC6Gofi60hR"}
-00892{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294054,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041680294054,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294170,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041680294170,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
-01982{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294170,"flow_idle_time":3285032704,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"thread_ts_usec":1587041680294649,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDage6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOMXgQ=="}
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041680294680,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
-00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041680611341,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041680611341}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041680294680,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681218709,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1587041681218709,"pkt":"EBMx8Tl2KDc3AG3ICABFAABLUFkAAP8R5\/DAqAEGwKgBAd06ADUANyl9Kf0BAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAE="}
-01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681218709,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"captive.apple.com.edgekey.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681248693,"flow_idle_time":200000000,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041681248693,"pkt":"KDc3AG3IEBMx8Tl2CABFAACAqEJAADkRFdPAqAEBwKgBBgA13ToAbAAAKf2BgAABAAIAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAHADAAFAAEAAADSABkFZTcyNzkFZHNjZTkKYWthbWFpZWRnZcAmwDsAAQABAAAAFAAEFzKeWA=="}
-01067{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681248693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041681248693,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"captive.apple.com.edgekey.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}}}
-00288{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041681407197,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041681407197}
-00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":853,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681401604,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041681611328,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041681611328}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":864,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681458450,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041681714331,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="}
-01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041681714835,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
-01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1587041681744695,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC9OkBAADkRg5jAqAEBwKgBBgA19oIAqQAAcuiBgAABAAMAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAvAACoVYXNtLWFwaS1wcm9kLWV1LXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsABoOd2V1MS1hcGktdGVhbXMIY2xvdWRhcHDAZsB3AAEAAQAAAAoABDRyS0Y="}
-01073{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1587041681744695,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.70"}}}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681745719,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681745719,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"}
-00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1587041681754842,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="}
-01070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.69"}}}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681755860,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681755860,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"}
-00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681772449,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681772560,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681772560,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"}
-00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":3285032704,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_usec":1587041681772814,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEWAABAAEAG+HvAqAEGNHJLRux6AbuCUaOyMZVY6oAYEAmUUgAAAQEICjCErEZW53fXFgMBAN0BAADZAwO+LJEVwOHGYhKiVcLvt6A9rXWEi+VY68GJ4Pnee\/+sYQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACU6uoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGAAbAAMCAAL6+gABAA=="}
-01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681786454,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681786551,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681786551,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"}
-00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":3285032704,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1587041681786764,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAG+IvAqAEGNHJLRex7AbtPkLhPGjjit4AYEAnBuAAAAQEICjCErFNU3XtoFgMBAM4BAADKAwNa\/jUh9W55wUB0tnlMq1eAEhrPfTr7oU\/DtVhV\/8e2AwAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFGhoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAJ6egABAA=="}
-01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-02447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681802258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU5AAG0GlW80cktGwKgBBgG77HoxlV6KglGklIAQBAXbeQAAAQEIClbnd\/MwhKxGsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\/s8ycG4tlrTfTYH+M+FW9Y1DTTSC08bOYNW3zgFB64XvsPWTwevXfQWad0gfn6zMKIffJ0Woh7B4kndlMdWD8PoFQAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"}
-01143{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041681802258,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-02454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681819208,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPqVAAGwGiRk0cktFwKgBBgG77HsaOO33T5C5IoAQBAWJqAAAAQEIClTde4YwhKxTjSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gWAAcrAQAHJzCCByMKAQCgggccMIIHGAYJKwYBBQUHMAEBBIIHCTCCBwUwgceiFgQUqShwURmVA+Jp3zLm2A+QCVyZqYAYDzIwMjAwNDE1MTkzMzA5WjCBmzCBmDBMMAkGBSsOAwIaBQAEFE8LW9m32q+ftvNjciJ21uGVriYpBBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fQITewAE4Lxi6ctlZLvhngAAAATgvIAAGA8yMDIwMDQxNTE5MzMwOVqgERgPMjAyMDA0MTkxOTMzMDlaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTMzMDlaMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3b+j9b9amWJnAoiCkmf2UNIwgNLUYY7i2oIxOcCe4FwtfKqAknYBXLXDmybtzIEQGc9zVWPgZbClw+Dn6abFkbXSG0mhM4QP5D5MQbVxhe7SgYoYVGwkJbmRpd4grc+7uBTiXMgAxBCB5kUsxvRwqLqgwU4Ain2W6hQNvDRMAvojfSg3lYkOFvlf7bcTwOK90BIJGU11EABEc5brrKndHE9hje0klAXbzMZTL8AqrbgnzOZi1rf+0+Wq4RUDesXv6I1AJt7EoKj704jMo9fFhVZPD8osr0ZocAW0OSf5m2CQ\/UMENY99jq5D1K0ZM\/O3ik40uY\/GyUUQa5PIKgTroIIFIzCC"}
-01131{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":902,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041681819208,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682076700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682076700,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux8AbuMg\/cHAAAAALAC\/\/+l4gAAAgQFtAEDAwUBAQgKMIStbAAAAAAEAgAA"}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682077081,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682077081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682077081,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682077081,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex9AbuFeblcAAAAALAC\/\/\/qlgAAAgQFtAEDAwUBAQgKMIStbQAAAAAEAgAA"}
-00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682106830,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682106937,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682106937,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"}
-00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":3285032704,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1587041682107386,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEaAABAAEAG+HfAqAEGNHJLRux8AbuMg\/cIHSSRd4AYEAmCtgAAAQEICjCErYpWxwSgFgMBAOEBAADdAwM8bxQ0whreuqvYvEztjLrW4PBGRpjuL7egzSBD9aU3vgAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACYCgoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABgAGwADAgAC2toAAQA="}
-01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682108320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="}
-00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682108400,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682108400,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"}
-00795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":3285032704,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1587041682108566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAELAABAAEAG+IfAqAEGNHJLRex9AbuFebld+7aDtoAYEAl5vQAAAQEICjCErYtVD3b0FgMBANIBAADOAwNRm85ZKo2j5rIUIlemfdLsNPrk0mWhHKlhPOh2TLU7CwAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACJ6uoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgAGwADAgACmpoAAQA="}
-01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1587041682129643,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
-01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-02446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682139467,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUXUdAAGwGanY0cktGwKgBBgG77HwdJJcXjIP37oAQBAXL3gAAAQEIClbHBMAwhK2KsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\/s8ycG4tlrTfTYH+M+FW9Y1DTTSC08bOYNW3zgFB64XvsPWTwevXfQWad0gfn6zMKIffJ0Woh7B4kndlMdWD8PoFQAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"}
-01143{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041682139467,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682140048,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682140048,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCPpAAG0GvcQ0cktFwKgBBgG77H37toO2hXm6NIAQBAUeeAAAAQEIClUPdxEwhK2LFgMDF00CAABVAwNemFWQkTKZfyBaLuzO97G0quTrEm7BgPWyftzaEzJa0iBuSwAAwHf6a8yXd\/slaOSfyDbI53lK7p5dSy9A7BIMcMAwAAANAAUAAAAXAAD\/AQABAAsADnAADm0ACK8wggirMIIGk6ADAgECAhN7AATgvGLpy2Vku+GeAAAABOC8MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xOTA1MDcxMjUwMDNaFw0yMTA1MDcxMjUwMDNaMBoxGDAWBgNVBAMMDyouYXNtLnNreXBlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSeVBZeaxVgbEF7BDFpA+N3ExF3ZQK1QrQQqA05Ko2A7Gpby+2Es8MXR3Kj2VRAX9P5YFzjF3SN5faeJJRz+j7An2iOLXkwQNkglDT6\/sjB3LbEb7T\/nzN+yIm+S8blVfyih6JM9Apu\/ik1krtvLJUniVwHJtK2\/rOjpX264mOpTx8SQf7TjiIlSs3HiDphOG0YLn3YYZ8njuADtWKju18sgzmH3TMQYaJ5rR8rrvEPgZCHNBk+XQJFexPiGtcDjF2WCQ1CKqCKZf8hKbpm8Y4TnLNUxuhK2E+6sFA1dP+E8Bm6m26cCfBNV3G7APHf8AN1YKGjnSNcO3xC9CoOmEMCAwEAAaOCBHYwggRyMIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWqSYTh5AAAEAwBIMEYCIQCK9TKQMvnjt3bF9IskNoov410+TNUfrflXc+EV+7RCFQIhAOhI+FRSDv5ZevTOA7yjzgGxZ7+Vifwc2fzYuzpyLBBgAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFqkmE4gAAABAMARzBFAiAiHsCLrUDabE9VESRZTt4BikyAq6rNE1j3618pfpVpCAIhALEshKOsZh7n88+DKEMN6Qrti43TvlJOQ0RAjLMbS84WAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFqkmE4gwAABAMASDBGAiEAhlim8PX4pyi\/mpblvrIKUelL3OW87784ne5SOBJO7rUCIQCJx97+HPxXSJjEZtGi1euZMJxoXD7mYyvmnAr9RyA7ngB1AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABapJhOJEAAAQDAEYwRAIgSWpW2jkU6iqzOFfqoMvHGTVxpA4qvulMcPxZZ3C6R34CIBq5beRJMDaP8rIHcokNsjMMe+YTY4GBs5JmQen9SUa+MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQU3aROfyhw35kc1iGhSMjmHtjM\/20wCwYD"}
-01431{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":969,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48"}}}
-00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1587041682143053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"}
-01066{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041682143053,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.132"}}}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682144166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682144166,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx+AbuHxTqTAAAAALAC\/\/\/vlgAAAgQFtAEDAwUBAQgKMIStqwAAAAAEAgAA"}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682156833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"}
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682156932,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682156932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"}
-00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":3285032704,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1587041682157086,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEBAABAAEAGgVPAqAEGNHHChOx+AbuHxTqUVvaytFAYIACSqAAAFgMBANQBAADQAwMdYvXtwu11hWCpvITmw2DM6JIDDr9YgJ4rTdtCECjTrgAAHBoazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACLCgoAAP8BAAEAAAAAHwAdAAAaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGAAbAAMCAAKKigABAA=="}
-01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682169218,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041682169218,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEIhAAHYGO6Q0ccKEwKgBBgG77H5W9rK0h8U7bVAQBAE4GAAAAAAAAAAA"}
-01517{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1001,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041682355684,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682369801,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682369801,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682369801,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682369801,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex\/Abv2sXoGAAAAALAC\/\/+1wwAAAgQFtAEDAwUBAQgKMISugAAAAAAEAgAA"}
-00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1587041682370931,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdUKtAADkRbU3AqAEBwKgBBgA1\/2sAiQAAEDqBgAABAAIAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQABwAwABQABAAAA5AAyEW5vcnRoZXVyb3BlY25zLTMyC25vcnRoZXVyb3BlCGNsb3VkYXBwBWF6dXJlA2NvbQDAPwABAAEAAAAEAAQ0ckww"}
-01076{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041682370931,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.76.48"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682376166,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682376166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682376166,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682376166,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+GfAqAEGNHJMMOyAAbuusi7sAAAAALAC\/\/9JyAAAAgQFtAEDAwUBAQgKMISuhQAAAAAEAgAA"}
-00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682420333,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682420448,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682420448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"}
-00787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041682420739,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex\/Abv2sXoHFR5jJoAYEAmOxwAAAQEICjCErqxhBrREFgMBAMkBAADFAwMlzpQNXKnJso0lmbQsWQ9QP0JUtMkYTF2ySEjqwct4CiA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFQAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1155,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1156,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682423316,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"}
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682423394,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682423394,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"}
-00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":3285032704,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1587041682423900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEUAABAAEAG95PAqAEGNHJMMOyAAbuusi7tlL44xVAYIABbPwAAFgMBAOcBAADjAwOLjruZZJmwp+AQ5ixl8mdC3oKgE\/9DUAxdN3dPhROtcwAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACe+voAAP8BAAEAAAAAMgAwAAAtbm9ydGhldXJvcGUubm90aWZpY2F0aW9ucy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABgAGwADAgACWloAAQA="}
-01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682440956,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041682440956,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-02448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682467714,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHMNAAGwGqhA0ckwwwKgBBgG77ICUvj5xrrIv2VAQCAS9XwAAx23sJOl22cozxfimMAsGA1UdDwQEAwIEsDBJBgNVHREEQjBAgiMqLm5vdGlmaWNhdGlvbnMudGVhbXMubWljcm9zb2Z0LmNvbYIZKi5ub3RpZmljYXRpb25zLnNreXBlLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAaMoTg\/CrkXvH3jnb1h9ibtDE5NT9WRyEmtWPdlMgqhbXA+eyQkb6BYaT\/ta0E\/bOL5hM07pSBrD5uauHzlX4vs6BmFI3X35rS4lnHgq3cUKdaq3M5dfcGtIoKERK4KHEXYdDhAF8RY9DfZJta8j9hj4NqjvMcG7hzkZJWkwVjeh7J49fLI2k+ojmtb1lfRr9wT7N317pl9QMlUj3HrapDo2fvCe\/9jktj3lbttPHLsuaLesAF3dE1wm5y4UOzoiawZGA4Fu5fMnwFxWfpzZRwMq0O\/xKMAg5RkinWwDyzGDnwCbl\/c52s299ZBhbtM6yURpSqq0aQFxtyQoGGDw\/qhMEVa25dds5d0iBdM6KFgBsOhenjJcJxMzPvvOPmkJltWXhqnxSJWsJkaqh7zSNoA5U1JZzOXFYRt3uw3OVIBSfQ21T75pEiBJReA5mMtRoJjyJYo4d7ViJlpWq6D+qmTq9MD3A+u3+2YaocGXunqdlchKzuckM3C3Mck\/119eusSb9+YO\/2kHgBIQsNEyRtMbVXs6aJDUwnxYYIGRAPR16yCXImFMfJYah5q6a0OgPBMYG1cJ5tHN0+DQkL0jj0N6DmBrUSDSDele8PSh59PdIzO8wgJ\/BtAAk1rmVDiVhBV4spP7GSKWzbAS3cC\/0tn2xGj\/VdVxgHiGox4WbcNAABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/Ra"}
-01154{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1160,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041682467714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682484937,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682484937,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cKdAAGwGWts0ck0hwKgBBgG77H8VHmMm9rF61YAQBAVitAAAAQEICmEGtIQwhK6s"}
-01755{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
-00286{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041682611214,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041682611214}
-00329{"packet_event_id":1,"packet_event_name":"packet","packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041682598222,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1587041682668456,"pkt":"EBMx8Tl2KDc3AG3ICABFAABW2rQAAP8RXYrAqAEGwKgBAeC6ADUAQqKILzcBAAABAAAAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
-01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"presence.services.sfb.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1587041682697730,"pkt":"KDc3AG3IEBMx8Tl2CABFAACny9dAADkR8hbAqAEBwKgBBgA14LoAkwAALzeBgAABAAIAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAASwANRRhLXVwcy1wcmVzZW5jZTQtcHJvZAtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AwEYAAQABAAAABgAENHJNOg=="}
-01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1587041682697730,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"presence.services.sfb.trafficmanager.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.58"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682698689,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682698689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682698689,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682698689,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG913AqAEGNHJNOuyBAbtgCOGqAAAAALAC\/\/\/jdgAAAgQFtAEDAwUBAQgKMISvtwAAAAAEAgAA"}
-00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740607,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041682740607,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740607,"flow_idle_time":3285032704,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1587041682740607,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEdws9AADEGDl2ifRODwKgBBgG767gSqyGfi6a7DoAYAWi65wAAAQEICpHNoqswhBBbFwMDAOQAAAAAAAAACKmKftpP18TObpudfRHF+x2Q26rJbEiP394UtjZJPj4wSIR\/hp3JlNrAGtpUw45IgQ+\/Td3gBgwIaydoMxwS3i93S6aIvQahVpj\/c5RwIn5XTgvMLlxphbaNgBQKVcUBzOyFCFmX25bboaZrE8yGPewBV8YF9rPw3wiL2qX6gOrVwGBD+SxN5WBWFI2hGO+JWJUmRSYMjHC+44xSTFiyxGwuYeySW1fNosn1ZrrnxmEfRHvkqjQUYvkmRW87MNYmA\/nzpUUAJUjx7fyAlsSNV0cWWtSO31yX1lU5orE="}
-00899{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740607,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041682740607,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Dropbox","proto_by_ip_id":121,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740712,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682740712,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwxXAqAEGon0Tg+u4AbuLprsOEqsiiIAQD\/hw3AAAAQEICjCEr+CRzaKr"}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682744342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"}
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682744445,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682744445,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"}
-00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":3285032704,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1587041682744658,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAG9prAqAEGNHJNOuyBAbtgCOGrvhWTS1AYIAAsUQAAFgMBANYBAADSAwPkbX85xJUsmCJfCQtb2nqS5r5NxitfmjfkWtCVFh+GIgAAHEpKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACNCgoAAP8BAAEAAAAAIQAfAAAccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYABsAAwIAAkpKAAEA"}
-01123{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1212,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-01327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745381,"flow_idle_time":3285032704,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_usec":1587041682745381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="}
-02438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745498,"flow_idle_time":3285032704,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745498,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpr1lEqsiiIAQEADIXgAAAQEICjCEr+SRzaKrFwMDIBe2BaXSajSAVsA+S0rbnqiekP4iuZq32HuCU1Zk8b7DobfyXAMC40RMGMmv03seNmRLB1WBKOAndSNsjwejL\/4UdAY51oTzt\/idB5m9EO71\/T1MmFynzxV07rmvd3Y7KFXQR\/+x23FlX8GjLiPfQFhiUhRh28ymzOk2Fma1O328pbgtPmfOm2\/I1HthpOnXap2OPKovdSqIn\/dOEzmEXK5RH4Vhc7yfPS0tJ3lq\/j9Y4mE4jZEoUqARpTmnt\/EmaVbJrcge1AqzkW+CZ+w4JlO7k9TdFEi5TByHM4C1T005glLtZNkRmPpMGHQbjibw3NTyD4LLOA7ibrI0r9IDNmoeUUfh8DCZdpfo3pxnEzyt7oapZ3bsP3f2dkvlxSg+Dlv55qlRYMXtNU7tnt3+G6vIRUNWvNYWxEeaewlxO7D31DoGy39yf6\/Uf40kqlYmjJklCFuyytx+XwcWqT4ARI652Z\/KTokqiY0d8hvIMHweZqCdsZ3sZLcS92z0hCZYB+QTk3oNwXMxF3HPTJhWvhOq0wqkZDSVoE431Wjz26KTR\/D\/dA5pInq8bEC3yVuUKN1PLZW9Mz7MYJyzusjyBNsPLXM5O8OEeeK5MiWTYDXzmOLsLkb2vkB\/HV4y3Ev95rIiSF36Cpgqv6+0aR866vdj7FtuF34EidwFeCf1Bf+A5YjRmGj3oaiwxanjseDhhtnxhUTf19iNoEFSzhAIqnGHRAvLOkI5d3FBbQQt+YdQcTmf4uC9ThNnySNA0HXREePQs7huoiwdf2bLMzadvLcQRiRnWU7Hl35DzJo7SAfHQVc1y7a5SVG8H0C\/gvRNuAfv3HAV07QuKJAR49iIkFCcVRaJ\/jE5NYdjrNiiLdvzoxuEZ0dWMxMftRotvm8FM6ig5uEvIZbx9cs5I19iYZQ+xjuzmSG9hz4iz+WjzAoY1dmLOtgbT\/XB2FXmqmn+QhnOY3Ljx0J2ha7XjBQ8hWDhzClw138COO6BoFzaLcXOQXTKJXlqio99G1EHem2LSJs4Fip7GdtxGPNIMZ40wLG2DFzen08a5EPl23FFXPX0SR69Sbx3M0R+hQyRTGJvzQ2b0FETVcaGBWv\/AJUXgawU3fpNn7TAnn6usnhvfGudG7WV4wZ6vkSA+LX0MCVzjn7ur93PxY\/kpdqz3fuiKZIsdz1qUGtjG9iABsh28XZ9j4vR0VSK81wLD3NNpJ2yPv0bwOqpCaovF6tXQ1Ews6XsxqJi5G36BrzaJ5\/NXawhnu8ri1Vz28LUjmOZPpd6keVddX571\/oIU+Q3p3lccmI7+gjH3KqlUBiHCmpfZcYeOnCUEoJ6+9LH3uDsI4lVcAzp2csO0NXDwcfvMalB6gajtPszvwIJElID7GHKx1BsawLle+AuhD6lA8\/ePLwyuj37+iokrx6+vklOjmfe4s9diN429ybZIsLrxpS9gvhCcqJjHRib1BY+X07qe0e72A4QTMrUQvOqVAnCJ6MepkVyL+TYwE71AQhIyEcdhSMj5NByh+Ps2+o6B6TxNGxL+Hz7Gkx+JsBR2inYY8O+Lv0UT9kVL4KGsfhNjVDtOQlSBGenVIqSWzA0IMPQo8+3Of8Hq4M82zM4CAZ0HSDgvnwrTIr12aPKQZeXdT79Zkpu9xzzr2tssbkalNRSPafbicgt9KUTproDv5wkhK7YwHiqPcGR0QVqeIcuyQotM2kpYtKzEsnaTsMsANkeXwUSaYMnhtvVUO0AlG4\/nEwlNMBHzNthJE9IyucPPp6lNbtpzJXbzjnbqhKzr1pBPW1NzcsmUvTf4AThdCxRFDDYC8Q9bGPZ8M76S438LhtuVyUo\/lD6YFPci0DvupTGZalsukVJfD\/0b05qjSDFI9eEwsvlchodrzNqwexfGQO0oqhK"}
-02438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745501,"flow_idle_time":3285032704,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745501,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpsL5EqsiiIAQEABs5gAAAQEICjCEr+SRzaKrei53o4vFQHMBld1Fh\/SJ7lY\/Br6V6nMJYu3OAHgdn1qCcCSFYKKt9BOxyQf3yfDnlntHKN9zdEPSvXN\/0hi8YerzFHTzlE9CpJ2R08FI9jE11z3fnVvhf8e7OcEQqRZgxnPlEzNldSNYqEcmHkXvJhZMq8lx7wyR4LUbGNhgoKdPGH278UPChna6A3t6rVbTyY26njMEfo0Zm6rhpJo44iHLRIKvpaj2GQsfRT+cQeJIZ7CCI7T1q2PUyZhm1ySaJCt2LeO9BPdVU6xJnGhMV\/aWAPQcJ6kB0bxcZrLoRiXTU5Sjkns\/IiFNL\/xvNJTPnSiFRhwUoHK+lhufNQUo13wAlnryX9ux9knlEKyd0St6x6x3\/0AcGE5iocc88TMKvbPeEJdROrTHJPBGw3wEtTcJnsCO86HHTsshAVdGVqkIx3wKVLP63U4Kblp4jy32ZZqt5mrVmtgkvfyXyOjEWSHg9\/kbER4PSr77Twprpqx983VEq2Hcb9Z5Mm3nOhfwTP2T3g\/CCF8QgaWGZrUDu1iiRUPI6K2BHYirquzyMaFufY9V8GpIhq1n1xceUiQLPYGN3l5fQJCiBdXfFafOcSFxIjVpojrL2EOuqK2nuMjLQQp+4Aqc6WZPgm2ebUN\/iKkfC2yH2bLExo2MPi3VUFi92NENpciPyW+eXAFY69MJj5yxa5BiY59sQ5ELiBJlv7RkENWrGuHIllIcpW3ItUf5UzQsbStrqU99fkGX6jKCwXrvMoRcz4OdAQSCuL42ekbFYHiL0ne5NvHaRIqcek4\/JcqoZpMdpQey7y+2Dl6doTImRGjrtsYDDKgFGhDU4N8dTso9ThZ3fuQI5GnuKCyDE7AIeVXiQlYv5F01woYov2hCUZp7ZcJSt2ohbipTR8\/9XsRLAxqgXB5GsFcoOvfysdpEjckn3ixs\/e\/E+9YhRVwcgw9hwvaxpOHeSVNLQn1UC1jd6XPsedgr5CYCUUWjOwS77pYeBf15DMuXoTC2DTw4N0qK0I2k9jO2h06\/VwS+DdyYzdZyIEDJootRjKr6+oHebS0B7nXpok59GLbGxDjEh9wakV1SZs7RvQXUIMtwshnqDiJum9ddTnNB2+bpdzgJa3FjnjCyxjYAJBZhtEPLvmmDoY+ugXE9QtbOp299K6ArOZPB6JuK4rlVYneXIpSl0yfeQgFoaNPTPCWdaxvM+AfcOB7YkH0w1UJu2dyLSmHw42qCGfzhxeXIbZVNdJjctQ0Cqo5zXErR1874K9\/40112SIrZY04P1wdyAy51DHX6xP4DMvjfqz6wVaf6gJ\/DZxBp20paRElTtDQN\/dHqjokoah04MvpFxBCi0Oy+R7CfKweUnqAqr1HqpFAPT9qsa8YrIc8G0wUUzeAax4URzLWOt85EjAnPLK1DAQYPq0v9Q0KLOsGsn1kbSvDpNs37iMzwcZRFzWoLHwwnKhxoV5ph1YHpzct0GfB5TMtawMLt6xx8fpDVN\/qmtv7vr0PwcpkWAe12mwk6YMCBt5BjA8f7N0hNc28Z18gN\/CgGnUTUJNyHOY9\/otIhpyZk2nAcBRRfiJ1pLKbDvtAKXiFEDhY9R4CdMU31jbFPykJh6n2eH+U5nfePcR\/NQL8CGF86lRBvbS1BffGRulEfJVi517lk3dtmRmFX4czmj4U5S0fLX7dTEWdkjlqGvyPwcgdLRBZYccWZ3e0IwyZLzh4ZvqC6GXgR\/YxXU2EyExTuarC8OxvaikQEuWDLdXLrVfF\/5zh5AAnOxdXMDpgpl7zVyHlEg1yLy9mLgj1yQgKUqwCNhyVJZLyPBjuKvSewLkE6Yb4TMgTQzgnkGvHFjAbR3wnBeO3lqHZFEbIHcmklDS0L5Y7TchFMURbahXYDs4fVUOyQ800EYRGVfodFdgqI"}
-02443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682792228,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682792228,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU9YZAAGwG0EI0ck06wKgBBgG77IG+FZj3YAjihlAQCAQbpwAAahz3MIwwCwYDVR0PBAQDAgSwMIHfBgNVHREEgdcwgdSCIyoubm9hbS5wcmVzZW5jZS50ZWFtcy5taWNyb3NvZnQuY29tgiMqLmVtZWEucHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbYIjKi5hcGFjLnByZXNlbmNlLnRlYW1zLm1pY3Jvc29mdC5jb22CJSoubm9hbWRmLnByZXNlbmNlLnRlYW1zLm1pY3Jvc29mdC5jb22CHioucHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbYIccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAFfJmXOb1G3\/gkDpDClarQB6kon6qcwX4Kh295CbM2AS5Vgj29434HX0cY+Z9iv\/MTbIOmx9325DU4Jkds6+IU\/YaIPC6iJQpcE2e349x3dnDm3opekdQpM9PDa129MKr2YMPfEeN8v0qTyUuQZhGs4n0KhbSGQjx5\/B9gHGSpxe32oG49c+UQMe29vQ918eWYGlRxmosgaDo1O8G3hucKxVwq7wwZImn3rzlX2p3MvbHeLrrJ0NnlDsEaTwHS4Q6zzFHSGKHEGxwFQAn8mD1A4CEULHR5utg70c+5SvpcPBwDRulBAl1YVyuiG0lQXudeFRPjGil0p6dBb5dVHM6sDa+2bhTnT5Xrs6ALFkSOC2eT01f34o0LD\/iYJpYUBbRpunp7qdsCEujVxZR8n0k581k760zp6eOKdldSwGD2zCkU49qbfX71ampz0Sa7apdvaSE3KDX92BVUqVgQf0FXIZml2UETl7GkuJ7ywmJNZy\/VBh5fwF2G5tkeqqgUFl6Pz5ffSKavNMdYdiF0oJdwf95BiDLfhWMFAZ\/Az1Qj25O939c39zHdQmU2Gk65JAtVnlAhmcxyqDVZJv7WCLyYv8x3gCNb27V5dMzb8gu1mMtVqxF0t9OtLhe0ZVbT57TWBzaMHvBs\/e9XYiw9V9PDcm\/ctwDNyy0pJxMD8+96LUABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk"}
-01137{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682792228,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041682792228,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-01960{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1244,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682803345,"flow_dst_last_pkt_time":1587041682803309,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":20291,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041682803345,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":27969.4,"max":152917,"stddev":40324.3,"var":1626047232.0,"ent":3.6,"data": [50532,50647,291,64604,72036,210,136507,124,96,1421,68048,86231,152917,2268,6,3,46387,44112,4,2,3,23630,23615,4,20861,20866,7,7,3,845,765]},"pktlen": {"min":52,"avg":819.7,"max":1492,"stddev":699.2,"var":488828.9,"ent":4.3,"data": [64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480]},"bins": {"c_to_s": [5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0],"entropies": [4.384982109,5.323234558,4.961856842,5.939832211,5.116507530,7.288343430,7.267649651,5.000318527,7.662917614,4.961856842,5.882802486,5.193430901,5.624773026,4.961856842,7.851280689,7.841383457,7.873037815,5.154969692,7.851320267,7.856824398,7.856104374,7.863511562,5.154969215,7.862011433,7.862949848,5.154969215,7.888728619,7.861488342,7.847744942,7.865393639,5.193430901,7.879679203]}}
-01760{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1244,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682803345,"flow_dst_last_pkt_time":1587041682803309,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":20291,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041682803345,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
-00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682809173,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682809173,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682809173,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682809173,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyCEVImrEWfAAAAALAC\/\/+rgAAAAgQFtAEDAwUBAQgKMISwIQAAAAAEAgAA"}
-00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682862686,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682862738,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682862738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"}
-01203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041682863165,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyCEVImrEWgy3y3uIAYECxutgAAAQEICjCEsFATeRnVFgMBAgABAAH8AwOllRwzFBLD2fGS0RdMQwmyeJX+rt9niSTc6LgefMaOGyDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvrFq4xkMZjK7jeeGFDXjFBVctkvDk2bUa2GIO\/qlb3oAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1300,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917091,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682917091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZNAADQGRHqnY9ekwKgBBhFS7ILLfLe4JqxHpYAQAfo2WAAAAQEIChN5GgswhLBQ"}
-01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02147{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1439,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041683063920,"flow_dst_last_pkt_time":1587041683109441,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2687,"flow_dst_tot_l4_payload_len":6860,"midstream":0,"thread_ts_usec":1587041683109441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":25031.7,"max":201410,"stddev":47065.5,"var":2215158784.0,"ent":3.2,"data": [45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222]},"pktlen": {"min":40,"avg":340.2,"max":1492,"stddev":510.3,"var":260451.7,"ent":3.8,"data": [64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]},"bins": {"c_to_s": [11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1],"entropies": [4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1587041683142905,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="}
-01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"chatsvcagg.svcs.teams.office.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1587041683184989,"pkt":"KDc3AG3IEBMx8Tl2CABFAADQTcNAADkRcALAqAEBwKgBBgA14KAAvAAATTGBgAABAAMAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAHADAAFAAEAAAAMACoVdGVhbXMtY2hhdHN2Y2FnZy1wcm9kDnRyYWZmaWNtYW5hZ2VyA25ldADAPgAFAAEAAAEsADAWbXNnLXVrc28tMDEtY2hhdHN2Y2FnZwd1a3NvdXRoCGNsb3VkYXBwBWF6dXJlwCnAdAABAAEAAAAFAAQ0clg7"}
-01071{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1587041683184989,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"chatsvcagg.svcs.teams.office.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.88.59"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683186164,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683186164,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683186164,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683186164,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7FzAqAEGNHJYO+yDAbslAEUuAAAAALAC\/\/+uKgAAAgQFtAEDAwUBAQgKMISxhQAAAAAEAgAA"}
-00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683220355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683220462,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683220462,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"}
-00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":3285032704,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041683220741,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAG64vAqAEGNHJYO+yDAbslAEUvUJcaBoAYEAkhLAAAAQEICjCEsaYB1ARAFgMBANgBAADUAwMl\/B1Vk9A1CXIA2wtxg6SSBUkcTlC\/1\/z0\/eteey4O7gAAHJqazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP2toAAP8BAAEAAAAAIwAhAAAeY2hhdHN2Y2FnZy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABgAGwADAgACSkoAAQA="}
-01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683257226,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683257226,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHSFAAG0GnKc0clg7wKgBBgG77INQlx+mJQBGDIAQBAUMBAAAAQEICgHUBF0whLGmFMuT5WpzTDiCSYT3xi9v6V14KwZXMAsGA1UdDwQEAwIEsDApBgNVHREEIjAggh5jaGF0c3ZjYWdnLnRlYW1zLm1pY3Jvc29mdC5jb20wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JsME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBADlaSLft\/Il2mfNfS96UN1u6SRdI6uOdxV\/SghC34ek6RV73kkGH\/KgGm5Qpn7ZmjaE7sCW67DpV9CSox9Z3dhmyY3WubiTFoRkhvmI2ia7VsKC3uTVFKGfcG3LipFC\/23JDrzT7qcdgDJzOLWf3MLJd1Kyh6NVC9EjRBrGrjji8xmok7R0RS8CcrVoIMxOsb4aFIvlKHgOLGwrUEg+jJK1WekigAR\/pyb5Ve0qqD3wvtdis9OWT8zz+JfQQtYBGzTf3Zo2YdFfy+cLVdoneW08GcCeeO0e+2qhhnfoQYTUFxVDlSKesMCCZ19oghBpnMirb2zEgWNe+6hV0VBHo0qa0oI+8VxV0m5jsWGKpN5r0RSQeZVBFjmNPja7EWAv9BG0nDBvzPaTNS9lsRoXc1ue7UQ2fGyQcImPgttcAOrqAGM9U+s0UrVqPi9GRGdpB+ymstXnktW0UVXqemudrGvUxOJRKDRvwctjZP2On9XpkEuwYzeJ7edeTKIXaTMPr5bSi6KtPMv8scypPxl6auLwwuyW3phPvh3sr9vdYmG1LA+UpioWKxGVlTy3H5MrR\/a3CRRhXX1OZmYh1RDRwmACanys8duLXWdgmjDNNxzIBOXG7wiGPQfS3+9iG0JTdXjbTpu3jNtZbvAVXCu9kow13tCXvpYdCShakHGed8k9wAAW4MIIFtDCCBJygAwIBAgIQCLh6UBu+nNotFk0+OVG\/VTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2MDUyMDEyNTEyOFoXDTI0MDUyMDEyNTEyOFowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjvPxhHV3vL7JpPUWpVMrUGCZ3Nh92SS14XJJN0j+2oaTo30dmksQTXd5fmWpfG424kfUNknQzCQCJxTirnHN2Vd0PBBWGZJKh2L545CNXt7RQRsaph9AoiwejlXXJthoQqvsDd7dXmGVs6xsgc6o4K2vX8qm5FFoLif9VCpxpMy7fpLx9lNRBTHQGYKwymPQ8koAC830aUv0WpZWOSbJnUsKYzQy"}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683333389,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683333389,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"}
-00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683378966,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683379074,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683379074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"}
-00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041683379360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyEAbsX4foIG4kggIAYEAle8wAAAQEICjCEsj9hHvtMFgMBAMkBAADFAwNQ2mjoGM5bceT+50qedBeC2QzxBSnWB8x+XpaOKMz6dSCjQgAAk2B6jpiMP4aNnNPzeGx44\/6X3U2RH3y64O03zgAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-02445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683430778,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683430778,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVANAAGwGcd80ck0hwKgBBgG77IQbiSCAF+H61oAQBAWFnQAAAQEICmEe+38whLI\/FgMDEGYCAABRAwNemFWT1kX8u9ATY\/YCwH831ucgt0juCj9cD9NieB4F3SDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkMAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
-01755{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
-02149{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1516,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511604,"flow_dst_last_pkt_time":1587041683511700,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7792,"midstream":0,"thread_ts_usec":1587041683511700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20999.2,"max":115070,"stddev":31123.6,"var":968681216.0,"ent":3.5,"data": [34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185]},"pktlen": {"min":52,"avg":377.2,"max":1492,"stddev":521.7,"var":272149.2,"ent":3.9,"data": [64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]},"bins": {"c_to_s": [11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041684291077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="}
-01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"substrate.office.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1587041684304618,"pkt":"KDc3AG3IEBMx8Tl2CABFAADIzNlAADkR8PPAqAEBwKgBBgA16AsAtAAAN+6BgAABAAUAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAHADAAFAAEAAABCABQJc3Vic3RyYXRlB21zLWFjZGPAFsAyAAUAAQAAABYACAVhZmQta8AWwFIABQABAAAAGQAoEm91dGxvb2stb2ZmaWNlLWNvbQZrLTAwMDIIay1tc2VkZ2UDbmV0AMBmAAUAAQAAAKAAAsB5wHkAAQABAAAAoQAEDWsSCw=="}
-01072{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1587041684304618,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"substrate.office.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684306115,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684306115,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684306115,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041684306115,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWZTAqAEGDWsSC+yFAbvNnLiZAAAAALAC\/\/\/7GwAAAgQFtAEDAwUBAQgKMIS1wQAAAAAEAgAA"}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041684317619,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"}
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1587041684317725,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041684317725,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"}
-00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":3285032704,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1587041684317987,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGWNnAqAEGDWsSC+yFAbvNnLiaNd4cNVAYIAB7OAAAFgMBAM4BAADKAwNT9yhcRBpq6+zC6hAkiruFzkDB0iUODZ2vqxEjURraCwAAHGpqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACF2toAAP8BAAEAAAAAGQAXAAAUc3Vic3RyYXRlLm9mZmljZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGAAbAAMCAAK6ugABAA=="}
-01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1701,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684329497,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041684329497,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoFJtAAHYGDxENaxILwKgBBgG77IU13hw1zZy5bVAQBAEDUQAAAAAAAAAA"}
-01976{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}}
-01962{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1751,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": [12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]}}
-01520{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1751,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
-01948{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1756,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":24145.7,"max":539594,"stddev":94604.1,"var":8949939200.0,"ent":1.9,"data": [11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314]},"pktlen": {"min":40,"avg":331.5,"max":1492,"stddev":473.5,"var":224192.2,"ent":3.9,"data": [64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]},"bins": {"c_to_s": [9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0],"entropies": [4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637]}}
-01980{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1756,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1587041685090830,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"}
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"euaz.tr.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685091534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685091534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685091534,"flow_idle_time":200000000,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041685091534,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZE40AAP8RJK\/AqAEGwKgBAdGuADUARafs9AEBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAQ=="}
-01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685091534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685091534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685092516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685092516,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685092516,"flow_idle_time":200000000,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041685092516,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZD5kAAP8RKKPAqAEGwKgBAf7OADUARYKEB0oBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAQ=="}
-01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685092516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685092516,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685093044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685093044,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685093044,"flow_idle_time":200000000,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041685093044,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRstMAAP8RhXDAqAEGwKgBAcXdADUAPUwYqlcBAAABAAAAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
-01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685093044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685093044,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"thread_ts_usec":1587041685104871,"pkt":"KDc3AG3IEBMx8Tl2CABFAACfqZ9AADkRFFfAqAEBwKgBBgA10a4AiwAA9AGBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAcAMAAUAAQAADYsAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJABwAAQAAAAUAECoBARHxAHAAAAAAAG\/dVKE="}
-01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041685104871,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"42.1.1.17"}}}
-00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1587041685105349,"pkt":"KDc3AG3IEBMx8Tl2CABFAACTMl9AADkRi6PAqAEBwKgBBgA1\/s4AfwAAB0qBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAcAMAAUAAQAADNUAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJAAEAAQAAAAgABDRyDy0="}
-01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041685105349,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.15.45"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685106192,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685106192,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685106192,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685106192,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNWvAqAEGNHIPLeyHAbsC\/Q6WAAAAALAC\/\/9IhwAAAgQFtAEDAwUBAQgKMIS4zgAAAAAEAgAA"}
-00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1587041685127636,"pkt":"KDc3AG3IEBMx8Tl2CABFAADKzTRAADkR8JbAqAEBwKgBBgA1xd0AtgAAqleBgAABAAMAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAA4OACoDYXBpC2ZsaWdodHByb3h5BXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsACcbYy1mbGlnaHRwcm94eS1ldW5vLTAxLXRlYW1zCGNsb3VkYXBwwGbAdwABAAEAAAAGAAQ0ck2I"}
-01075{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041685127636,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.136"}}}
-00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1587041685136892,"pkt":"KDc3AG3IEBMx8Tl2CABFAADDZa9AADkRWCPAqAEBwKgBBgA17z0ArwAAVKqBgAABAAMAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAALoAAiBGV1YXoCdHIFdGVhbXMOdHJhZmZpY21hbmFnZXIDbmV0AMA5AAUAAQAAAAAAMBJiLXRyLXRlYW1zLWV1bm8tMDULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAJMBnAAEAAQAAAAoABDRy+ns="}
-01195{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041685136892,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"euaz.tr.teams.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.250.123"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685171649,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685171649,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685171649,"flow_idle_time":200000000,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685171649,"pkt":"EBMx8Tl2KDc3AG3ICABFAABADGUAAP8RK\/DAqAEGwKgBAeRZADUALJr8l0UBAAABAAAAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQAB"}
-01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685171649,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685171649,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"outlook.office.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685185131,"flow_idle_time":200000000,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1587041685185131,"pkt":"KDc3AG3IEBMx8Tl2CABFAADeqaxAADkRFAvAqAEBwKgBBgA15FkAygAAl0WBgAABAAYAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQABwAwABQABAAAANQAMCXN1YnN0cmF0ZcAUwDAABQABAAAAxQAUCXN1YnN0cmF0ZQdtcy1hY2RjwBTASAAFAAEAAAAmAAgFYWZkLWvAFMBoAAUAAQAAACYAKBJvdXRsb29rLW9mZmljZS1jb20Gay0wMDAyCGstbXNlZGdlA25ldADAfAAFAAEAAACgAALAj8CPAAEAAQAAAJ8ABA1rEgs="}
-01070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685185131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1587041685185131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"outlook.office.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685232231,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685232231,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685232231,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685232231,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyIAbtyjZOTAAAAALAC\/\/8ViAAAAgQFtAEDAwUBAQgKMIS5SgAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685240465,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685240465,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685240465,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685240465,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyKAbtGGzTNAAAAALAC\/\/8rVAAAAgQFtAEDAwUBAQgKMIS5UgAAAAAEAgAA"}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685243104,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685243104,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685243104,"flow_idle_time":200000000,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041685243104,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPU3QAAP8R5NHAqAEGwKgBAchtADUAO5eNyGMBAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAAB"}
-01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685243104,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685243104,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685248604,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685248604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685248604,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685248604,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyLAbsws\/klAAAAALAC\/\/\/xvAAAAgQFtAEDAwUBAQgKMIS5WgAAAAAEAgAA"}
-00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685251950,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685251950,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685251950,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685251950,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4XAqAEGKH4JB+yMAbvF6IfFAAAAALAC\/\/8d8gAAAgQFtAEDAwUBAQgKMIS5XQAAAAAEAgAA"}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1810,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685253368,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"}
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1811,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685253460,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685253460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"}
-00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":3285032704,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041685253933,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAGgXLAqAEGNHHChOyKAbtGGzTOqB5ZA1AYIAAZhwAAFgMBALUBAACxAwNemFWVZrT7WTFXDzKTJwgyjyi4pczPS4OaStHQgrmy6wAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXAAAAB8AHQAAGmNvbmZpZy50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
-01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1812,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1587041685256108,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="}
-01064{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041685256108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1814,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685261856,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"}
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1815,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685261955,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685261955,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"}
-00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1816,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":3285032704,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1587041685262299,"pkt":"EBMx8Tl2KDc3AG3ICABFAADzAABAAEAGNLjAqAEGNHIPLeyHAbsC\/Q6XwNQGklAYIAAraAAAFgMBAMYBAADCAwNemFWVnmpu5iBYzDA0OwyTFl3gYWrTqQBuMzMR9X7FRwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAbQAAADAALgAAK3Ryb3V0ZXIyLWFzc2UtYS50cm91dGVyLnRlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
-01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1816,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1817,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685265739,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041685265739,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAow5NAAHYGiJg0ccKEwKgBBgG77IqoHlkDRhs1iFAQBAGIJAAAAAAAAAAA"}
-01596{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1824,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
-00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1828,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685278616,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1829,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685278702,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685278702,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"}
-00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1830,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041685278900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyIAbtyjZOUGnFmv4AYEAk6ggAAAQEICjCEuXNhHtwZFgMBAMkBAADFAwO15W+8jaHI2sAcvPxYu3fOurYjru\/fmNz9T6MzJf3JQCDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkAAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1830,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685280598,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685280662,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685280662,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"}
-00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":3285032704,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041685281210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRpvAqAEGKH4JB+yMAbvF6IfGCTMwHYAYEAl4\/QAAAQEICjCEuXVSSrhXFgMBAPEBAADtAwMO1aNpNC\/DfNA+zTgvlq4OTJH4Eaani+1AUzQaqTtdmgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"}
-01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685294102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685294163,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685294163,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"}
-00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":3285032704,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041685294436,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyAABAAEAG9sTAqAEGNHJNIeyLAbsws\/kmxyaNq4AYEAkImQAAAQEICjCEuYFhHwLEFgMBALkBAAC1AwNemFWVha04P4CUw6CKshmFd7ZG0fMDUFnrEIuMFFDaDAAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAYAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1846,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685312634,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVEFAAGwGwa8ofgkHwKgBBgG77IwJMzW9xeiIvIAQBAWJ5wAAAQEIClJKuHcwhLl1i+Wbrav3bQpcZNAwCwYDVR0PBAQDAgSwMIIBJgYDVR0RBIIBHTCCARmCGWxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb22CG2xvZ2luLm1pY3Jvc29mdG9ubGluZS1wLmNvbYIbbG9naW5leC5taWNyb3NvZnRvbmxpbmUuY29tghpsb2dpbjIubWljcm9zb2Z0b25saW5lLmNvbYIkc3RhbXAyLmxvZ2luLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgh1sb2dpbi5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIfbG9naW5leC5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIebG9naW4yLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgiBzdGFtcDIubG9naW4ubWljcm9zb2Z0b25saW5lLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEARVCFDXaNOijZYnNGoRWvtuOpazT+6a5NhffPDEd8mw13I5P2ZjdjuwO0BCuAa0rcrb9Xsv2qMoirtQ46ssv7U4RUbJ2q644olWDdoDLw3u2IwAi4+it8uqFANVWf479pYNzQSRACICWvLYyZOXoCzSVgryqqt6S9JYKLV\/5cOCwnLGXIMXunQZDJ9OLbjk3hV+y1gACDA7qTWXqQxmgI9aFpumAbRwTxqZV913sHD\/Cf4ut1VrXdDHEcgGroOgboavAnBPF1buLwyr8dsFVfenl1cv4K6OyxBhOa\/qPQC3E1A4UNtSz4dz0swsNbngQZDrl3H9MqpMRswrpJ9jUAZ4uzcbjmByMFT7UrO5NyfE2e754OXgg0kzSG7F0aYPVW64WQaAN5alS554Apkxzpnhy4dbLpcc+qDxw4uZRbEMvvqiGy3Tzvw2N2ZlLhpfCA79zVH3D9QcugIgQY75KsamAAzOcbXq0zT0xKgmRKBpdzG5DeC2KsBbrTTak1bUSSPLjvYpHhgabRiV7OEik97n1Dth5jNj0APlNTe65xy1gwKh4ItrHo4sQMKfxY9NyTKSBVKN3poUeJpe9p2ArtCr\/ZmVWqTui7XFpZPfiQUHWHxyvx0VTPR40NEp\/NGn3Uw7Bd\/MS5F6AKZAjGFEeyvsfA2p3QKRyzfNkfQWM3fP8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE"}
-01181{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1846,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041685312634,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-02447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1861,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685327366,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685327366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaa5AAGwGXDQ0ck0hwKgBBgG77IgacWa\/co2UYoAQBAV+ZwAAAQEICmEe3EYwhLlzFgMDEGYCAABRAwNemFWVd4ONVISrGBzenOh1wz59KlhffXpAp\/SRVzeitiAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sf8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
-01755{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
-02447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1868,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685350456,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685350456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVA5AAGwGcdQ0ck0hwKgBBgG77IvHJo2rMLP55IAQBAVq\/gAAAQEICmEfAvowhLmBFgMDF7oCAABVAwNemFWVkv8HhgEBqRl7J096sK\/AcfyJkv6Je+CA9SLGGCApBQAAsHV\/DAKaYivrrDw\/3qGp42fGJ7afmMuMlyPWksAwAAANAAUAAAAXAAD\/AQABAAsADt0ADtoACRwwggkYMIIHAKADAgECAhMWAAq9oyiKJqzr8XheAAAACr2jMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTEwMTAyMTU1MzhaFw0yMTEwMTAyMTU1MzhaMCYxJDAiBgNVBAMMGyouZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKvCd9UicgkwpI8bSwvCRO2lOesvtPd+z3GH6xRllv8Ei9b8VelLW2PuVMgau2FL6GVCPmGFiOhTMrB6Z5IhkEeYdzS19ordJYDNCTCV4CGHzvr3YSWpcXIsFnyRznGOPnlEMKU5qRnjk8yv7HdVvlTmG5IFjydJQBIE3EVy\/zWWQLcnHvkr+Pm+Ix8GPacEMThyVrZ57NGyt4w\/0XALYy3lIrBrwRrbdUiLTzkL4A+otgHb4wpI6lV59J8U\/8irhpL7YotYvOZ643jEuaSoC\/jdiOIKCF3kQGitPPXXdCq5zTupCxIYUh4B8CR5z8H6nlx9UNqdWcNq9d5jrCXcj+0CAwEAAaOCBNcwggTTMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAW23tMw9AAAEAwBHMEUCIF1LvMGCv0Kl+bp5C3GlL+E\/KEFrucmW+jN0WG1BTye7AiEAlb84qvncp6SV0hcgJPmaG243TJvGYrss3NJol6FvYZkAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW23tM08AAAEAwBHMEUCIDiK+zbmA9fB\/F+jlf2HQYINB6AsuO6IJw9RLZW6d2VYAiEAgFQKKr4w6oc+CLe9pgqJVTk\/xWbnsVo3VT1pL7gD2NQAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW23tMxBAAAEAwBIMEYCIQDC8ilwFdB7z4rC1+bZS4g04LUlLUYH350FnOYfD3Y\/DwIhAKOhDWx9PqjkWoW1QpLAVveNHTmUFKE125bJ\/m64vRMUMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUGvpD1lPIMLQZUxjL0t3R6SFpb+0wCwYDVR0PBAQDAgSwMIHyBgNVHREEgeowgeeCGyouZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZKi5waXBlLmFyaWEubWljcm9zb2Z0LmNvbYIO"}
-01755{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
-02446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1902,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685419490,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685419490,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjN5AAG0Gdfg0cg8twKgBBgG77IfA1AaSAv0PYlAQCARVFQAAFgMDF0UCAABVAwNemFWVsa3S0qCCJCKRvR5FvfRm4ku4Wp9dZjR4sGYcKSB2HAAAgvc9nFx0wNSQ+kfvV9B0Mq9ipN+Lt19U\/tPHHsAwAAANAAUAAAAXAAD\/AQABAAsADkgADkUACIcwggiDMIIGa6ADAgECAhMgAA1\/5iyI2CMUD4FHAAAADX\/mMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMjAeFw0xOTExMjkxNzU3NThaFw0yMTExMjkxNzU3NThaMCgxJjAkBgNVBAMMHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKcimDO37qOiITdGLLSgRk4SNqeQiChf5fToMO+7e1Qw4j4NVAURrkRlqOSwosi6x2ool0Qjlt5bANU2A7E0ubHR6fs+J4y2vgrsv41S7Ao\/UxdKklkG0wgp+paNcl2enqs+JFcPVtFPe+T+pnY6IZUpOziGi8NLx\/K2NG5xSvrdawVpY5vXRxXKsvLFIAdaJQozyWf9lCNbt+4C0IVl2Ep7N5bp06LVMZktn1YAjolqeEl3RQ6hM3GKceom5l4hpyP43E\/dTe3eLNBfmO8cDd9p8HlGVSrgjhKz1wuJWFoWgHTgDnVBSZVB7t78lIFlze4qLsPX90PfKUlmjF\/zIQIDAQABo4IEQDCCBDwwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbrhZJv4AAAQDAEcwRQIhALfHXTClbVL1ZG3BQH+fsd9EVlnIhlrRTh9b\/BWQkqOPAiArDlgg99bYekywwY8T40DyNspZOTZKKrpABVWSIcE7CwB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbrhZJyYAAAQDAEgwRgIhAJuNw4ivK3DXIXmUE+m57QEHF+rXHdB72ZviRwQ9s+0GAiEA9kNgaFnkw8l1xiyZdSGjaIfmqNZ4qpxCiXwbbmlDWu4AdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW64WScNAAAEAwBIMEYCIQDmc93n7UJEyvvIddsbJMxC7aPmS7n2Z\/C8vjlA2j\/H8AIhAP0Hy\/4XLfkD3pYHuzfG85l40mxoPZVRGXbh3zqAj+miMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUdTnCFCgplfnCaQOBNT9YTfK9XfMwCwYDVR0PBAQDAgSwMFsGA1UdEQRUMFKCHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tgg1nby50cm91dGVyLmlvghEqLmRyaXAudHJvdXRlci5pb4IPKi5kYy50cm91dGVyLmlvMIGsBgNVHR8EgaQwgaEw"}
-01630{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}}}
-01964{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1936,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]}}
-01601{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1936,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685984732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685984732,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2019,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685996890,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"}
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2020,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685996986,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685996986,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"}
-00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2021,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":3285032704,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1587041685997296,"pkt":"EBMx8Tl2KDc3AG3ICABFAADbAABAAEAGgXnAqAEGNHHChOyNAbtKVk3cy6oDyVAYIAAs2QAAFgMBAK4BAACqAwNemFWVDIT9d4HngeJpG5mlHm9Rt958WOVPiGzzmIF3agAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAVQAAABgAFgAAE3RlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
-01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2021,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2022,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041686008515,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041686008515,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoTQFAAHYG\/yo0ccKEwKgBBgG77I3LqgPJSlZOj1AQCASYigAAAAAAAAAA"}
-01546{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2029,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686239545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686239545,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"}
-00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686288146,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686288255,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686288255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"}
-00787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041686288562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyPAbtgh2e+U\/RRNYAYEAniuwAAAQEICjCEvUBhH1u7FgMBAMkBAADFAwPWvyUszXyGVwTdfXyAsIQo65lWnkpPMHo57lR912BOzSAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sfwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686339149,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUYwhAAGwGYto0ck0hwKgBBgG77I9T9FbVYIdojIAQBAWA4QAAAQEICmEfW+0whL1ALnNreXBlLmNvbYIQKi5waXBlLnNreXBlLmNvbYIiKi5tb2JpbGUuZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIgbW9iaWxlLmV2ZW50cy5kYXRhLm1pY3Jvc29mdC5jb22CFSouZXZlbnRzLmRhdGEubXNuLmNvbYITZXZlbnRzLmRhdGEubXNuLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAUxCmyVHd3H7BNm7xrFDWc0lUKQfFfvZJj7fGm702yYNfNb17H3sDMMybFW0xvlL9Ezzab9UkH29uzppLcvgSPbaskyoVw+2aUUDOWU9BNPXX55faad2R1I6KtC+PfV7YLtmbicvSGz4AqzYw9ZreqUymbtwFHx+mEj1q7bV3EnUB\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"}
-01237{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2047,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041686339149,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-02282{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2074,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686541501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041686542441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19511.4,"max":52987,"stddev":22191.7,"var":492470496.0,"ent":3.9,"data": [48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111]},"pktlen": {"min":52,"avg":640.9,"max":1492,"stddev":667.9,"var":446080.7,"ent":4.1,"data": [64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0],"entropies": [4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
-00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1587041686659283,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="}
-00903{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
-00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686889381,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686889381,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686889381,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686889381,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR0nAqAEGKH4JQ+yQAbuMpd1iAAAAALAC\/\/\/7KQAAAgQFtAEDAwUBAQgKMIS\/iwAAAAAEAgAA"}
-00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2108,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686918390,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2109,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686918473,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686918473,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"}
-00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2110,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":3285032704,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041686919156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRl\/AqAEGKH4JQ+yQAbuMpd1jg2\/P4IAYEAngnQAAAQEICjCEv6dSRIbvFgMBAPEBAADtAwMbmcXPy8rEyjOH5t3NVXkoUGCRZxMGyIKbY0co\/wunRQAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"}
-01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2110,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-02452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2131,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686950659,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686950659,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdlAAGwG19sofglDwKgBBgG77JCDb8\/gjKXeWYAQBAUYLAAAAQEIClJEhw4whL+nFgMDETsCAABVAwNemFWW7R35oy+pDouxbKQc3ZxSE0RLhoRWbTV6NPlktSB6OAAARuc6MTC1YmpF4SmrzBdvOs6F07smAuHCwru2ycAwAAANABcAAP8BAAEAAAAAAAsAD40AD4oACcwwggnIMIIHsKADAgECAhN7AAL0+uu8c4DySSOTAAAAAvT6MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xODA5MjQyMTQ5MzBaFw0yMDA5MjQyMTQ5MzBaMCsxKTAnBgNVBAMTIHN0YW1wMi5sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9uMC7tn8RKm9hx1Q+vclCmv2FS5644lZCwDqwzCYb8L0QUXObmurDTp9z7imH\/68rvf0\/+KpPvZzn8n+A1ECu6H51tc4jh4cund1rKWCEvaClslKP1O5XZfDppym7WFQSIHQp9LXW26FaTqarCYkxKrkm\/lTdJtaXF5\/C7ZRJIFVaL9dmL\/uMiooAbDLhN56zmBjGeB2V01oJAQhD\/q\/lznyyirBK2V2vQ7WyyX4O7R5ox9CbJ7fjHmVfu5B\/IGhKzckLb+kPv4Ou1DFiJ+VjXUg8+HNiqYybm516lzAMR9GTpDm\/EaK\/DoNiRmeP+V6xIxpVOXNmdtJ2yXkhn+AQIDAQABo4IFgjCCBX4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZg2YTSEAAAQDAEYwRAIgNf1dCr\/A\/68iTF44ctzG4dfYj5k8kwrcMxb+OAftshACIEOFf1L8DyVWvGmp2q28iEZd5RDO6L\/3eE60TQKPTKibAHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFmDZhK0AAABAMASDBGAiEA6k0qgGOQ2\/4vWshsmYpY7DSpdiwLlTeFqoSnh81\/2Y4CIQDv1+L779lV6U+goVXZN5Lr8mJnM2dtvY1ZqBBLJZkaOwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABZg2YSsoAAAQDAEYwRAIgWKBW8MG0XWRpOFEy6yhRlkRMXWMvZwn2MMfc6oSrj0gCIBftriorxFHUNkLYAHoFWkhm8hNqcHO+KKiAs49boZzUAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFmDZhLTgAABAMARzBFAiAA3dU0fJfG9tq5Rc4+sUUH+XraMuPYSatYD6LC\/2\/zTAIhAJWqprUivm3Ca3RKEfcrJtar2nlcdcqed0u5OIHS\/4PYMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUiTQV2m224F\/j"}
-01755{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2135,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687245112,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687245112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"}
-00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2193,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687293530,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2194,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687293639,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687293639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"}
-00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2195,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687294098,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmZKwAAAQEICjCEwQ9g9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2195,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041687370480,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="}
-01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687382278,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687382278,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmY0wAAAQEICjCEwWdg9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2199,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687427043,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041687427043,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzETBAAEARZ+HAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAJGRMVEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1587041687435320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"}
-01060{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041687435320,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687436782,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687436782,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687436782,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687436782,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVUrAqAEGaCi7l+ySAbtvi5oIAAAAALAC\/\/9njAAAAgQFtAEDAwUBAQgKMITBnAAAAAAEAgAA"}
-00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2203,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687466298,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687466398,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687466398,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"}
-00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":3285032704,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_usec":1587041687466635,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEKAABAAEAGVIDAqAEGaCi7l+ySAbtvi5oJgZblB4AYEAl2MwAAAQEICjCEwbkBuRsfFgMBANEBAADNAwNcYEYY9r+P9DTmk4+ghvjGxbgXLamZQ7BCvuLi0gzQzQAAHMrKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI2toAAP8BAAEAAAAAHAAaAAAXYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAIaGgABAA=="}
-01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-02445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2206,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687512045,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687512045,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUOsFAAGwG6PRoKLuXwKgBBgG77JKBluUHb4ua34AQBAUPSwAAAQEICgG5Gz4whMG5FgMDF2ACAABeAwNemFWXWoznNEDG0nqSFdxS15urfQPAW1Ki15lKX+AAtiAKRAAA667wWoqa+vDiRfvp7swmXkbxWCktv+PyIN9JCMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADpsADpgACNowggjWMIIGvqADAgECAhMtAAcUzkF9hlrqvm6yAAAABxTOMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA3MTYwMDAyMzBaFw0yMTA3MTYwMDAyMzBaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCLN53Kexlrvsr+3rXZR74UHw5zlzegNiM6ErPRT\/txn4iFY2zFTqC+sWY7W7Oz4G1tsBCxRCqDiWTxn5SoBhxDmnlpMqOtTTpv5IM4kd\/8Guw\/818ANBFltXQet6T9XZsisGK5x9lUCYcHW8ynBG3v5uNf0Z6m2VB67+wzZ2C3iG0UAM447HUmbA40yblclmVBneenfOna+w64hv1nSyt5YNMGiattt3RBLqQ25FUDZwDSm6\/Xrxs5bFSfj0HMxAb5EpzZ2SxfSP+UgsmRV0Oq\/HfZsAL9LwqbT3aESBPoyba7n926l2qjVJiyrcjkPpm+NqXC8ligQT0pRVDCcpAgMBAAGjggSXMIIEkzCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+sPAAABAMARjBEAiBx6hq9wYK8lGTp3u5E7AFX+BkbRLRZ5Lup8OuEt\/B0tQIgGypwFVlROzmTzUQqtoWQp2MHW1EriZKLwX2GVgWat5wAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H61YAAAEAwBHMEUCIBBA4jXntmRWzvCXbsrMW4W1hyQue\/vS7Ncn0z5ewGEwAiEAln3ydSWKxMs1mek8BuU+Pp\/Ar72loNB67Ntve4Q85KAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWv4H62XAAAEAwBHMEUCIQDLjQfYXTzdnrjIDBYNPqxZrBUDuC2VVPJNvuwXJuHkoAIgHkqG2mwJ4b5UFgxZl8\/iCIL8mYENQc4ZRdEfVujQdbMAdgBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWv4H6xWAAAEAwBHMEUCIDM4gWIHlpsWZA++c4q0XblHDWvH710R4c4I0Xek5jDJAiEAoovM291ZXguFtfeLFlqPtsBXmuKsHbLob14668lLPKIwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBRaFtJxTHeO"}
-01755{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
-02127{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2258,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": {"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": [12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1587041687731296,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"}
-01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":1587041687745080,"pkt":"KDc3AG3IEBMx8Tl2CABFAADTPBBAADkRgbLAqAEBwKgBBgA19Q8AvwAAY+WBgAABAAQAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQABwAwABQABAAAGxQAfCmV1bm8tMS1hcGkOdHJhZmZpY21hbmFnZXIDbmV0AMA8AAUAAQAAABUACwhldW5vLTEtMcATwGcABQABAAAAOgApHWFtcy1ldW5vLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwFbAfgABAAEAAAAVAAQ0qbp3"}
-01067{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1587041687745080,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.169.186.119"}}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687745932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687745932,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687745932,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687745932,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGienAqAEGNKm6d+yTAbth0wzHAAAAALAC\/\/81+QAAAgQFtAEDAwUBAQgKMITCxwAAAAAEAgAA"}
-01965{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2264,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687718851,"flow_dst_last_pkt_time":1587041687768506,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17623,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041687768506,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":32165.6,"max":161774,"stddev":44327.4,"var":1964919296.0,"ent":3.6,"data": [48418,48527,459,88180,136486,113743,249,161774,129,117,1072,74551,73518,1076,4,2,50124,49022,3,3,12,48400,48413,4,15,2,1599,1536,46881,1065,1749]},"pktlen": {"min":52,"avg":736.7,"max":1492,"stddev":694.0,"var":481656.1,"ent":4.2,"data": [64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52]},"bins": {"c_to_s": [5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0],"s_to_c": [8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1],"entropies": [4.396777153,5.256567478,4.923395157,5.966666698,5.971492767,5.091578960,7.290405750,7.275161743,4.961856842,7.668800354,5.000318527,6.002202988,5.583368301,4.961856842,7.860765934,7.857263088,7.894361019,5.193430901,7.864349842,7.853641510,7.869278908,7.874048233,5.054101944,7.853607655,7.866478443,7.865472317,7.878810406,5.154969692,7.853725433,5.193431377,5.154969692,5.154969692]}}
-01760{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2264,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687718851,"flow_dst_last_pkt_time":1587041687768506,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17623,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041687768506,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
-00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687789261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687789367,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687789367,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"}
-00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":3285032704,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041687789561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAGiRjAqAEGNKm6d+yTAbth0wzIENQdkYAYEAmMqgAAAQEICjCEwvABIndtFgMBANgBAADUAwN1hCAWlzZVXD7TCb6igB3LJP9WVkluJUaJIbsmWjvyJAAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP6uoAAP8BAAEAAAAAIwAhAAAeZXVuby0xLmFwaS5taWNyb3NvZnRzdHJlYW0uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAI2toAHQAXABgAGwADAgACOjoAAQA="}
-01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-02455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2268,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687835274,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687835274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGLJAAGwGP6M0qbp3wKgBBgG77JMQ1B2RYdMNpYAQBAV+GwAAAQEICgEid5owhMLwFgMDF2ICAABeAwNemFWXh6zC4\/H\/NtqCN0bOMCauIHEB+mzTfOs8euglHiDdOQAAbpqWXnIoaFoz5CwjBIm\/uwJeUgS1lb4+XjBSWMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADp0ADpoACNwwggjYMIIGwKADAgECAhMWAAXWDX37jaDzNM+RAAAABdYNMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTA3MTYwMDAyMzVaFw0yMTA3MTYwMDAyMzVaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WyrqhMwneHn3ldwh\/L7UvhOaeyJEw9wAAoXcE2xoCmqN4VQ5dbEJYH2mvnyhH\/q6XQPMuv5SvOYFeFvBsXU42c+cX\/k7ETSWOHymPaiIe9DTakXAw15b1zeAID1a\/qtYq5SKoRqlJOmhP2W2Kj0sGRH9wfU0k6ZKAWCfTCOD3TUKn+kY2\/mFqcxx163RyO5fuue9HjLSPUcK\/XG71pH60ASR2HaDJ53frCURseRASs3N8sp\/lXPNSJpmTy7XzZlvWnjNXBXoGazR\/Ok20dcDNsKQLrS\/5IQoN1eesCyt1n77jwW\/wlDvDN1w4lyx8ZJ\/cWIxkLDRUfkhCN5r674PAgMBAAGjggSZMIIElTCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+\/gwAABAMARjBEAiBFAIuj2Tc26ezbEtOORf3erX84s94DFwS362RUQnwe7QIgOIGvV6+3NbZm4ZuetunBQ10P6vIaYP3f6rBpFmv0R+kAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H7+HAAAEAwBIMEYCIQDNJZUV9kVpum734SuFZbu\/+8d+lBfpKXnRWlVnv4VBQAIhAOB8l0UtbGxz+O5oUYg0D5KcrYbc2wZN7ZDiNmBXUAj6AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFr+B\/ArgAABAMARzBFAiEAuBvGi+GOETS1WKJJY5hLjgoB7c051zHr2NZg0TjxMOsCIDxZ4sYqPPwpfAkKARkELM5\/901w8Rli7y0l6JyGidHOAHcAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFr+B+\/jQAABAMASDBGAiEA+MKOXA0Ondu3DQFnrt75yf8KubCg3tehYpwWY4vXmlsCIQD\/nRJiTBIbc8ubEEHt73izO3Lpmnq\/6a3pOruDbMUQaDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFBqManmr"}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1587041690880711,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"}
-01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"dc.applicationinsights.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690915102,"flow_idle_time":200000000,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"thread_ts_usec":1587041690915102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEfVLxAADkRaLrAqAEBwKgBBgA1+boBCwAAeGqBgAABAAUAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAAACgAuHWFwcGxpY2F0aW9uaW5zaWdodHNfaW5nZXN0aW9uB21vbml0b3IFYXp1cmXALcBCAAUAAQAAAJEALB1hcHBsaWNhdGlvbmluc2lnaHRzX2luZ2VzdGlvbgtwcml2YXRlbGlua8BgwHwABQABAAAAXwAXAmRjDnRyYWZmaWNtYW5hZ2VyA25ldADAtAAFAAEAAAAeABwQY2ZyLWJyZWV6aWVzdC1pbghjbG91ZGFwcMDGwNcAAQABAAAABwAEKE+KKQ=="}
-01079{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690915102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":259,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":259,"midstream":0,"thread_ts_usec":1587041690915102,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"dc.applicationinsights.microsoft.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690916341,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690916341,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690916341,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041690916341,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyUAbup7MP+AAAAALAC\/\/9nAwAAAgQFtAEDAwUBAQgKMITPEwAAAAAEAgAA"}
-00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2320,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041690946470,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1587041690946579,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041690946579,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"}
-00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2322,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":3285032704,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041690946965,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyUAbup7MP\/giOVMIAYEAnoKAAAAQEICjCEzzFS+MKlFgMBAOoBAADmAwMbIQaP+rFGCYsreMCv9lvxK9Aj9uBCbNOtF1CHIeISyAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="}
-01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2322,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2323,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041690980253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGwlAAG4Gd\/QoT4opwKgBBgG77JSCI5rQqezE7oAQBAU0IQAAAQEIClL4wsUwhM8xdGlvbmluc2lnaHRzLmF6dXJlLmNvbYISZ2F0ZS5ob2NrZXlhcHAubmV0ghVkYy50cmFmZmljbWFuYWdlci5uZXSCH2F1c3NlLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHmJyenMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2NhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWNmci1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1jaW4tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2tvLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWN1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh9jdXMwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1lYXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdZWF1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWVqcC1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1ldXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDItYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDQtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDUtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIeZXVzMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5uY3VzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHW5ldS1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5zYWZuLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHnNjdXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdc2VhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXN1ay1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1zd24tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdd2V1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXd1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh53dXMyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCIHd1czIwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0MIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAJWTZzx1MK5GdVXHHDNo4UfZmpqNSZyuP+i0NBu9AKrV3sQoq5pmeYJ7vP+oV2p39mLTb2oqM52AGvlnpmoTNJwN7XVFBPYI8jrT6ZwWv1hAZa"}
-01142{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2323,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041690980253,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041691075869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
-01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"emea.ng.msg.teams-msgapi.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1587041691148968,"pkt":"KDc3AG3IEBMx8Tl2CABFAACQrGdAADkREZ7AqAEBwKgBBgA19Y8AfAAAdPKBgAABAAIAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAADwAGw9tc2dhcGktcHJvZC1zZnIIY2xvdWRhcHDANMBJAAEAAQAAAAoABDRybAg="}
-01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1587041691148968,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"emea.ng.msg.teams-msgapi.trafficmanager.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.108.8"}}}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691149774,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691149774,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691149774,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041691149774,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2I\/AqAEGNHJsCOyVAbumbhw9AAAAALAC\/\/8jXgAAAgQFtAEDAwUBAQgKMITP9QAAAAAEAgAA"}
-00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041691168973,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1587041691169076,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041691169076,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"}
-00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":3285032704,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1587041691169247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAESAABAAEAG173AqAEGNHJsCOyVAbumbhw+rneBYYAYEAkjHAAAAQEICjCE0AhSqiqsFgMBANkBAADVAwNwlpHiXHB3s5dLKatTLHHCd3zPHP62TkNPLWHwExyS1QAAHAoKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACQysoAAP8BAAEAAAAAJAAiAAAfZW1lYS5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYABsAAwIAAhoaAAEA"}
-01126{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-02444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2356,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041691190981,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPCZAAHEGZdU0cmwIwKgBBgG77JWud4cBpm4dHIAQBAU1egAAAQEIClKqKsEwhNAIOSG3N+pypQO63Wiq+lXA9TALBgNVHQ8EBAMCBLAwgdYGA1UdEQSBzjCBy4IabXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CHCoubXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CIHBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tgiIqLnBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tghpuZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIcKi5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIPKi5tc2cuc2t5cGUuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAL6k2g2YNYubaMQKNE1HOCJsRU+ocKgoaCUntNxasdyLm3sRjtpRjulwsmHOrGDRgisqGVKYPLOcPDYZIMeHJRyVC9lP7rDFU4mwEdob9bYoVAdPJ2aPEkM0RXDf2sxO3K11UvhIdAETfgAyN9OClLnbVRlD+uqcSQfdbt9NgeCozGT3uA8rW\/bT\/D+YBI2NyvjucwOF4fAmlb69iaENpHzKyKPP3gChGWXwPlsCAHcWT5DWYPJpL\/3DLl81bF7tO5zY3zxJMB1OeVgvUKXeAS+CwfpLrKG0C\/eU6XUXAM17Wou3AdZL8ESxq7zdQlPlfLXcrxTWn\/9yqOyE2Dy4v0AC0DldAOOVuaP1Qw\/jkncKrZHy6CBjd4i6SlAvV9SXMMji3v+3tCPq3NDcYwEwIaLF7pK3asugmSWv+kUpt0b\/7nszZggDVjiXOaXQXGxlI76wm\/oQiScQLHdORY8mAIDxrFvAZJI7K5Yvpy\/uFT0TJ1pbtUzx0WkkWUFI1ibsaySDvxZ5PLRRf\/b+CTj2DeuAhuHN0bB0Jvlf\/geQ+McX36gP8ZJv4hZskP2p2eU4LlDvKZxVbJkUfzIhrbjoxfdlKOwkktqzdS57vVoeibk02\/OS8fdv79ZBLOsYxfdKaSWNDVEN1Q82426XhaggJ7kscl3nnmFp\/\/6iCwQwe+4wAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC"}
-01140{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041691190981,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
-02148{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2417,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691305451,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041691582252,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18972.7,"max":276869,"stddev":49493.9,"var":2449644032.0,"ent":2.9,"data": [19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869]},"pktlen": {"min":52,"avg":370.2,"max":1492,"stddev":512.1,"var":262257.7,"ent":3.9,"data": [64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]},"bins": {"c_to_s": [11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-02149{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2430,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682938651,"flow_dst_last_pkt_time":1587041692001418,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2113,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041692001418,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":328636.7,"max":8978171,"stddev":1582353.1,"var":2503841415168.0,"ent":0.8,"data": [47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7]},"pktlen": {"min":40,"avg":339.2,"max":1492,"stddev":486.1,"var":236250.5,"ent":3.9,"data": [64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]},"bins": {"c_to_s": [10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1],"entropies": [4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2437,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692419649,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041692419649,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzETFAAEARZ+DAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAPmTDokAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528594,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041692528594,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528594,"flow_idle_time":3285032704,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1587041692528594,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2439,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528684,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692528684,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"}
-00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2440,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":3285032704,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1587041692528752,"pkt":"EBMx8Tl2KDc3AG3ICABFSAB8AABAAEAGru\/AqAEGlwsyi9XeCK7DyyOPsom3g4AYEADukgAAAQEICjCE1UVzIF7g5AplDBJ5jEkO1U2Mpra9\/PbG6UC\/FVXGQ5pEnr4zSbP3LnLXhdyZOGgH9qsJLTZHLgDXKr5t+q9K3Mvbm5JFapBhK16BH5zD"}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2441,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692578366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cMxAADIGTLOXCzKLwKgBBgiu1d6yibeDw8sj14AQAfXhSgAAAQEICnMgXxEwhNVF"}
-00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692808980,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692808980,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692808980,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041692808980,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"}
-00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041692880898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="}
-00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2445,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692880999,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692880999,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"}
-01203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041692881339,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyWEVIVrX6RNJWFioAYECynDgAAAQEICjCE1qITeUD2FgMBAgABAAH8AwNIwmNvYpaxx4YaNkM5UOMBu+\/rhWm5ROKLkUQ+n9+bqCDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgqeitnlzPDiYBqjP3nyoLl6FANLUWPuCFiHYla5PeYScAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2447,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692951911,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692951911,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HBJAADQG6funY9ekwKgBBhFS7JY0lYWKFa2AloAQAfqJ4wAAAQEIChN5QT0whNai"}
-01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":977,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":977,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693428391,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-01801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_usec":1587041693428391,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693474528,"flow_idle_time":200000000,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693474528,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="}
-00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693475613,"flow_idle_time":200000000,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693475613,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="}
-00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693515047,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693516414,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693516414,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1587041693517336,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDxsAAP8RKRvAqAEGwKgBAdnVADUASzsZd8IBAAABAAAAAAAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAQ=="}
-01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693530810,"flow_idle_time":200000000,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1587041693530810,"pkt":"KDc3AG3IEBMx8Tl2CABFAACrU5xAADkRak7AqAEBwKgBBgA12dUAlwAAd8KBgAABAAAAAQAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAcAfAAYAAQAAAAUAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMA6AAAnEQAAA4QAAAEsAAk6gAAAADw="}
-01090{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693530810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1587041693530810,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2486,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693561382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"}
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2487,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693561493,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693561493,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"}
-00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2488,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":3285032704,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693561676,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NiAbvwxDFGjkDaLFAYIADs+gAAFgMBALYBAACyAwNemFWdM\/wbLFSI3dPgZpkO7ysDE3\/GJlDQM9ZmaeyX\/AAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2488,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2489,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693572678,"flow_idle_time":200000000,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693572678,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="}
-00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2490,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576546,"flow_idle_time":200000000,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693576546,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJQAAGwR1dM0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2491,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576566,"flow_idle_time":200000000,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693576566,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="}
-00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693582165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582610,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"}
-00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="}
-00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
-02447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2495,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"}
-01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2495,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693608822,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}}
-00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2515,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693625394,"flow_idle_time":200000000,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693625394,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693628354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"}
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2517,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693628427,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693628427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"}
-00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2518,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":3285032704,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693628756,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NlAbtcWVYp3qhb8VAYIADHIgAAFgMBALYBAACyAwNemFWdJel+38T72uo9XNMIcFrJVaaQNKpU+a+Uq8VSQwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2519,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"}
-00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="}
-00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}}
-00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2521,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="}
-00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
-02450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2526,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693675117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\/Z7z3no4iLWFOB0NszihbN+mXEPfve7ERdipQf9N4gAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"}
-01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2526,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693675117,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2542,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"}
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="}
-00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2545,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="}
-00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2551,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"}
-00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="}
-00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2559,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2559,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2562,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693849498,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693849498,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2562,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693849498,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693849498,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf7AqAEGNHL6mcN0AbuMksvlAAAAALAC\/\/8dvwAAAgQFtAEDAwUBAQgKMITaVwAAAAAEAgAA"}
-00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2564,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693869354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"}
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2565,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693869423,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693869423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"}
-00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2566,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":3285032704,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693869663,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWnAqAEGNHL6mMNeAbvdNMkY3FwAm1AYIACuOQAAFgMBAKkBAAClAwNemFWd9sBVDmqpQ1JOmTf85+s9vRwXDIKd7RSpfqD9hwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUyAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
-01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2566,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"52.114.250.152","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2567,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693893017,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"}
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2568,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693893121,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693893121,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"}
-00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2569,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":3285032704,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693893319,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWjAqAEGNHL6mcN0AbuMksvmCYYF2VAYIAA4UQAAFgMBAKkBAAClAwNemFWd\/1XCA+79geTWEWiWwTsvTSnBi9NExcEsdrOoSgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
-01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2569,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"52.114.250.153","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2576,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693912361,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693912361,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZ1AAGwGes00cvqYwKgBBgG7w17cXACb3TTJxlAQCARdzwAAFgMDF+kCAABVAwNemFWdM9zHzxbjC7QANdHz8AfaCDM7kl4CH3iC8m+C5SA8HQAAdg+4AWMXjI8CbVJCHoa9vuL+BAQY6d2I21i7H8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"}
-01752{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2585,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}}
-02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2595,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693937910,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693937910,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyxAAGwG4T00cvqZwKgBBgG7w3QJhgXZjJLMlFAQCAT\/SwAAFgMDF+kCAABVAwNemFWdlZ1o0K1pDuc31o7KbeFA6zW0UoTj74rN53YU1yAVNwAAZbPmUJGFDDA3baQ8RQ+flEqSYPNJweq+ysirz8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"}
-01752{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2603,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}}
-00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694219802,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041694219802,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1587041694221137,"pkt":"EBMx8Tl2KDc3AG3ICABFAABWS5cAAP8R7KfAqAEGwKgBAe2lADUAQpDJn88BAAABAAAAAAAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAQ=="}
-01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"c-flightproxy-euno-01-teams.cloudapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_usec":1587041694234511,"pkt":"KDc3AG3IEBMx8Tl2CABFAACixyFAADkR9tHAqAEBwKgBBgA17aUAjgAAn8+BgAABAAAAAQAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAcAoAAYAAQAAAA4AQARwcmQxDmF6dXJlZG5zLWNsb3VkwDEGbXNuaHN0CW1pY3Jvc29mdANjb20AfaP8PAAAA4QAAAEsAAk6gAAAADw="}
-01075{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041694234511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"c-flightproxy-euno-01-teams.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041694262764,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"}
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2638,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1587041694262870,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041694262870,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"}
-00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":3285032704,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1587041694263191,"pkt":"EBMx8Tl2KDc3AG3ICABFAADrAABAAEAG9mTAqAEGNHJNiOyXAbs8mpancOM\/AVAYIADbZQAAFgMBAL4BAAC6AwNemFWex6L93KvTNrWWS\/8PQ2rao\/9bFvV0yUUyu2nlvwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZQAAACgAJgAAI2FwaS5mbGlnaHRwcm94eS50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-02449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2641,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041694308351,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVptAAGwGbuA0ck2IwKgBBgG77Jdw40StPJqXalAQCAQlEAAAcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCGBg8ckx9UDTW7UZXC+1At9FP7A44gNWDP9CaNquKk0Ym4Hc6H0wUEGjC2TPH4ZMpVVvzoaDTGQwOYpaTTUvX3MEMOYKEG1Cvx9tqcsdP3yUB2L0u\/Y3lBDRRYTQjeuiKHInHCIKjjX\/QCOyzvB5\/C0exDQl9fWwS+qncho+mgAfK2IA8Fxzsv6+EtDoQ7Dvl6yGFB0IOq2h0mRJqrPawbpWi2DqNdE30PlqszN6KarfO3etdnYrpJGC2USn7nux+J+nU9mSFC0ZsLRlurcf+j5mIScxOoR1R1zgqZUwqnxhpp4P1IJVImICPzlelUrV+V7b3YppHp2Rgn\/+S4J10m17s2TbLTa97JGjEE\/3YQ7h5IdjwTnwuq1dP++rQhXt3FX3MOWAHLNAKjiWyKZFU6vIewI5Hi6y2fkjqSeRt4\/aWEgJvh20gdM0p+zqdmShg\/748CHucnl5Zm4aJe3RbjYEYoFcds8ex0ujMudADb\/QzGDXRU0vzS1rVbA4cYFxJP\/arXmxNmNaQws3ulhsztenPZhSi+YjcTSxMjLvyNTiFRWl6oPmD03juUR4abmC3Z6rh\/ORpnPJ\/Em03uuhRVjI2A+WVhItVGj\/kDERprkC2fKCqbcztcQMil\/Kk2WHT\/UliJtmxX7yjxKPFWCSC+MDNsBV3uBwoK+m\/VewoOUwAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\/rMwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUyMzhaFw0yNDA1MjAxMjUyMzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKvl612jazme9TSIErsdUiZdfQkLxnmOq7cO3xmy3e4P9u70VuRG4pIP4mcL4xxxpNRBc7TLmRaOv3d9sK8ebO1xLsMId0pekq7sWtBIgdDF6aD1eo8ejV7TrZLA2saRNTEguTkEzRAqPJcdAJ6ZGBgJz0uX5Mn8APAMWp026LJAwUqshCiqPUYYK6eKrPSvS6h+SULHYiDA5qc7XeuQH7uK2JyQ4zqxbMKUzj4ya8txs0EuucXhXdhZJ4L74UgNfugE8fkBJ0H6lFp9xTC7trrXEZuI+gHMbkuSufh4PMucaJoWZojQk7Aqgy6XER1+gSBh5LC5m5xuU5WVIsbZvXUQutl1jDw\/HdCW+DNFe3sfVDPlSJenBSSi29Hcla4gKn2WiUh7knrQJLHeSBH3Zzy03\/hYYPVPezRo"}
-01247{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2641,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041694308351,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
-01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
-00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278905,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
-01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
-00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305290,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="}
-01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
-00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305879,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="}
-01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
-00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330085,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="}
-00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2671,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330306,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="}
-00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2672,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="}
-00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2673,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="}
-00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2674,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="}
-00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2675,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="}
-00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2677,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"}
-00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2678,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"}
-00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2679,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="}
-00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2680,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="}
-00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="}
-01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
-00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695422685,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="}
-01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
-00795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2684,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695432593,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695432593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="}
-00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695432665,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="}
-00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2686,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695432806,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="}
-00793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2687,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695433232,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695433232,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIB74AAEARgX3AqAEGNHL6icN0DZYA9JXXAAQA2CESpEJpchKVO4fonPIh+aAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAWAEBAEQhEqRCU+T1MUCwjYYr45mggHAABAAAAAcAIAAIAAEe33xVyo+ANwAEAAAAAoA2AAQAAAABAAgAFKSOPm9ycNiS3mJyX4fapy4vEu1\/gCgABIqjvoYACAAg+pL5K0Lk7MyR0ZqbhlMFnDsKGKI3TTZKmRHPJasNnPQ="}
-00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2688,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695433333,"pkt":"EBMx8Tl2KDc3AG3ICABFAACAFs8AAEARcWjAqAEGNHL8FcN0DZgAbMYz\/xAAYGUfNM4ueRX8AQEARCESpEK59F1PLtIJs2rQCYqAcAAEAAAABwAgAAgAASyKFWBYV4A3AAQAAAACgDYABAAAAAEACAAUb+d2GMvNHhGxBtT1sjJNLSVYAvSAKAAEqoFJXQ=="}
-00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2689,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="}
-02272{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2690,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": [44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": {"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2696,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
-00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
-00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2701,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
-00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
-00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2707,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
-00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2708,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194432,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194432,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMFBgAAEAR4+7AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
-00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2709,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":5,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696498337,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMrv0AAEARSQnAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
-00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2710,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041696498551,"flow_idle_time":200000000,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1587041696498551,"pkt":"EBMx8Tl2KDc3AG3ICABFAACQu2oAAEARMTDAqAEGXUduzcNgP8wAfBKsAAEAYCESpEKyalJ26c+bCI1C0PUABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAlAAAAJAAEbv\/+\/4A3AAQAAAACAAgAFNd7wOvI0gzaWL0JHAJmvaCW1OcegCgABLiDaXI="}
-00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2711,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":5,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696498651,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMPIAAAEARu4bAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
-00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2712,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041696498784,"flow_idle_time":200000000,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1587041696498784,"pkt":"EBMx8Tl2KDc3AG3ICABFAACQSB8AAEARpHvAqAEGXUduzcN0P80AfNVTAAEAYCESpEKDWwnX0gcAJk8k2boABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAlAAAAJAAEbv\/+\/4A3AAQAAAACAAgAFPLvVpmLRoXR+XSjZzwE+pIZjkn7gCgABO2z0lM="}
-00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697061972,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697061972,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697061972,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041697061972,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"}
-00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041697091344,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1587041697091452,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041697091452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"}
-00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":3285032704,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041697092026,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyYAbtVmTcxYapvvoAYEAlljAAAAQEICjCE5t4L9mYYFgMBAOoBAADmAwMvt9\/l19PgHHhBJ7fePZ9nkIIpM9PqvMR3RuXFQQr78gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="}
-01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-02430{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2734,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041697123566,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUX+dAAG4GMxYoT4opwKgBBgG77JhhqnVeVZk4IIAQBAXnDAAAAQEICgv2ZjgwhObedGlvbmluc2lnaHRzLmF6dXJlLmNvbYISZ2F0ZS5ob2NrZXlhcHAubmV0ghVkYy50cmFmZmljbWFuYWdlci5uZXSCH2F1c3NlLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHmJyenMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2NhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWNmci1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1jaW4tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2tvLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWN1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh9jdXMwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1lYXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdZWF1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWVqcC1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1ldXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDItYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDQtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDUtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIeZXVzMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5uY3VzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHW5ldS1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5zYWZuLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHnNjdXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdc2VhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXN1ay1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1zd24tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdd2V1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXd1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh53dXMyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCIHd1czIwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0MIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAJWTZzx1MK5GdVXHHDNo4UfZmpqNSZyuP+i0NBu9AKrV3sQoq5pmeYJ7vP+oV2p39mLTb2oqM52AGvlnpmoTNJwN7XVFBPYI8jrT6ZwWv1hAZa"}
-01142{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2734,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041697123566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2762,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697617344,"pkt":"EBMx8Tl2KDc3AG3ICABFAADW2xEAAEARrlfAqAEGNHL6jcNhDZYAwt8iAAMApiESpEINQAd8TvBOvXDWMxoADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABQ+mj9JKfg8kAiQ47rNqp++2YC3UgAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAILegjOD1prOmcIML6MAq3Q5voM\/8\/Vbx8\/OHsgTOe6Dx"}
-00724{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697660621,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA40fgAADUBJWpdR27NwKgBBgMDcCsAAAAARQAASh2AAAAyEd1gwKgBBl1Hbs3DdD\/NADaJWQ=="}
-00892{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}}
-00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2770,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697668978,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWXowAAEARKuHAqAEGNHL6icN1DZYAwtlEAAMApiESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABRzrT6HZUT09MBbGfgrZXo06YoDbQAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAIBF1x2DO\/FnH+NItZ0DdGmNq9Qpo8WCUVFVIxiEnjM\/h"}
-00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2774,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697673040,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="}
-02324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2805,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": [24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": [0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00767{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041694047808,"flow_dst_last_pkt_time":1587041694047695,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":567,"flow_dst_tot_l4_payload_len":6363,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01098{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041695435668,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-01098{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041694243274,"flow_dst_last_pkt_time":1587041694243144,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00912{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00766{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041697722873,"flow_dst_last_pkt_time":1587041697765326,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":817,"flow_dst_tot_l4_payload_len":6541,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":614,"flow_dst_packets_processed":686,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041697130428,"flow_dst_last_pkt_time":1587041697130317,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":208871,"flow_dst_tot_l4_payload_len":541255,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00768{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
-00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
-00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":28,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041677034491,"flow_dst_last_pkt_time":1587041677077119,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":55346,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
-01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":13,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677329010,"flow_dst_last_pkt_time":1587041677375849,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
-00765{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678260705,"flow_dst_last_pkt_time":1587041678303901,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7350,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681895434,"flow_dst_last_pkt_time":1587041681895339,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":623,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":6679,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682204478,"flow_dst_last_pkt_time":1587041682204431,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4763,"flow_dst_tot_l4_payload_len":7425,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00766{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":67,"flow_dst_packets_processed":40,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041683043372,"flow_dst_last_pkt_time":1587041683086074,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":81655,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
-00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041692020857,"flow_dst_last_pkt_time":1587041692106644,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041691929361,"flow_dst_last_pkt_time":1587041691929326,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":4886,"flow_dst_tot_l4_payload_len":9530,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":15,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511746,"flow_dst_last_pkt_time":1587041683511702,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7830,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00767{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":11,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683605577,"flow_dst_last_pkt_time":1587041683650246,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":10847,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00767{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685981024,"flow_dst_last_pkt_time":1587041685980991,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1339,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1700,"flow_dst_tot_l4_payload_len":7160,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00766{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685846969,"flow_dst_last_pkt_time":1587041685890013,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4906,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00767{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041688035601,"flow_dst_last_pkt_time":1587041688035530,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4661,"flow_dst_tot_l4_payload_len":7035,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":12,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686589907,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
-01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":14,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041688014105,"flow_dst_last_pkt_time":1587041688061175,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17654,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
-00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691582349,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041695898012,"flow_dst_last_pkt_time":1587041695993731,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":6669,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041697427096,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1674,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280602,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00902{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1587041673094451,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00753{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1587041673094451,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041685465859,"flow_dst_last_pkt_time":1587041685465767,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":6160,"flow_dst_tot_l4_payload_len":8327,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
-00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-01011{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"STUN","proto_id":"78","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
-00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00848{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
-00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690915102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":259,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":259,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693530810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
-00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682856432,"flow_dst_last_pkt_time":1587041682745518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":8819,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
-00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
-01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
-00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
-00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
-00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
-01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676808147,"flow_dst_last_pkt_time":1587041676808041,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1405,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1808,"flow_dst_tot_l4_payload_len":6621,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
-00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
-00765{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041687253807,"flow_dst_last_pkt_time":1587041687253692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3163,"flow_dst_tot_l4_payload_len":7012,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00760{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1090,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1126,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685185131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681248693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00939{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041676010607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":67,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":67,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","packets-captured":2817,"packets-processed":2775,"total-skipped-flows":0,"total-l4-payload-len":1327851,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":64,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":682,"global_ts_usec":1587041698021081}
+02281{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677328754,"flow_dst_last_pkt_time":1587041677327352,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041677328754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":18406.6,"max":49836,"stddev":21194.3,"var":449200096.0,"ent":3.9,"data": [45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321]},"pktlen": {"min":52,"avg":680.6,"max":1492,"stddev":673.1,"var":453031.8,"ent":4.2,"data": [64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]},"bins": {"c_to_s": [7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0],"entropies": [4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677380886,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"}
+00287{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677408485,"packet_id":213,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041677408485}
+00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041677380886,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677422728,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041677422728,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES5AAEARZ+PAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGADtdrMEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
+00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677611261,"packet_id":215,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041677611261}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":215,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041677422728,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678029919,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678029919,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678029919,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041678029919,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"}
+00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041678074133,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="}
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1587041678074233,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041678074233,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"}
+00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041678074525,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex5Abv0H+uPO2V4UYAYEAlkRgAAAQEICjCEne9hEv\/bFgMBAMkBAADFAwOeU\/FfLHrtrdCBVUwx+w+ija6LF0MoHL44Af8vhwR8KyDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEPwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678120796,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041678120796,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUKldAAGwGm4s0ck0hwKgBBgG77Hk7ZXhR9B\/sXYAQBAVKXAAAAQEICmETAAQwhJ3vFgMDEGYCAABRAwNemFWOOTYxM1NwQpKmeq910c4Y3+sTj8LkGeyXAZo3KyA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFcAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
+01753{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041678611338,"packet_id":242,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041678611338}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":242,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041678303901,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041679059584,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFmxQAAP8RnTvAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
+01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"b._dns-sd._udp.ntop.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280602,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280602,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_usec":1587041679280602,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBKZoAAEARjaTAqAEG\/\/\/\/\/0RcRFwB7XmveyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
+00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280602,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280602,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280885,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_usec":1587041679280885,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBMegAAEARwq7AqAEGwKgB\/0RcRFwB7bcHeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
+00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280885,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00288{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041679406816,"packet_id":246,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041679406816}
+00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":246,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041679280885,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041679611289,"packet_id":247,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041679611289}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":247,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041679280885,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041680062816,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFhq8AAP8RsaDAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
+00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1587041680074798,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB61LQAAEARImfAqAEBwKgBBgA1+i4AZgAAp0uBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA7ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="}
+01053{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1587041680074798,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"b._dns-sd._udp.ntop.org","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041680216814,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_usec":1587041680216814,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/44MAAEARlesAAAAA\/\/\/\/\/wBEAEMBa5dnAQEGABWCmMYYtQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="}
+00958{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041680216814,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dhcp": {"fingerprint":"","class_ident":""}}}
+00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294054,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041680294054,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294054,"flow_idle_time":3285032704,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1587041680294054,"pkt":"KDc3AG3IEBMx8Tl2CABFAABYCTNAAHEGSuNdPpadwKgBBgG77GBJd2ZkkI5L3oAY\/\/uUpgAAAQEICsJ1bW4wg\/kbFwMDAB8AAAAAAAAABVYf48xkHJTZ\/YMO7dmv4tC6Gofi60hR"}
+00892{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294054,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041680294054,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294170,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041680294170,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
+01982{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294170,"flow_idle_time":3285032704,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"thread_ts_usec":1587041680294649,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDage6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOMXgQ=="}
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041680294680,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
+00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041680611341,"packet_id":255,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041680611341}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":255,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041680294680,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681218709,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1587041681218709,"pkt":"EBMx8Tl2KDc3AG3ICABFAABLUFkAAP8R5\/DAqAEGwKgBAd06ADUANyl9Kf0BAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAE="}
+01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681218709,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"captive.apple.com.edgekey.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681248693,"flow_idle_time":200000000,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041681248693,"pkt":"KDc3AG3IEBMx8Tl2CABFAACAqEJAADkRFdPAqAEBwKgBBgA13ToAbAAAKf2BgAABAAIAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAHADAAFAAEAAADSABkFZTcyNzkFZHNjZTkKYWthbWFpZWRnZcAmwDsAAQABAAAAFAAEFzKeWA=="}
+01067{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":257,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681248693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041681248693,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"captive.apple.com.edgekey.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}}}
+00288{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041681407197,"packet_id":258,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041681407197}
+00339{"packet_event_id":1,"packet_event_name":"packet","packet_id":258,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681248693,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041681611328,"packet_id":259,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041681611328}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":259,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681248693,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041681714331,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="}
+01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041681714835,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
+01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1587041681744695,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC9OkBAADkRg5jAqAEBwKgBBgA19oIAqQAAcuiBgAABAAMAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAvAACoVYXNtLWFwaS1wcm9kLWV1LXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsABoOd2V1MS1hcGktdGVhbXMIY2xvdWRhcHDAZsB3AAEAAQAAAAoABDRyS0Y="}
+01073{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1587041681744695,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.70"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681745719,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681745719,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"}
+00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1587041681754842,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="}
+01070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.69"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681755860,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681755860,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"}
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681772449,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="}
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681772560,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681772560,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"}
+00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":3285032704,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_usec":1587041681772814,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEWAABAAEAG+HvAqAEGNHJLRux6AbuCUaOyMZVY6oAYEAmUUgAAAQEICjCErEZW53fXFgMBAN0BAADZAwO+LJEVwOHGYhKiVcLvt6A9rXWEi+VY68GJ4Pnee\/+sYQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACU6uoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGAAbAAMCAAL6+gABAA=="}
+01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681786454,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="}
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681786551,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681786551,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"}
+00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":3285032704,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1587041681786764,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAG+IvAqAEGNHJLRex7AbtPkLhPGjjit4AYEAnBuAAAAQEICjCErFNU3XtoFgMBAM4BAADKAwNa\/jUh9W55wUB0tnlMq1eAEhrPfTr7oU\/DtVhV\/8e2AwAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFGhoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAJ6egABAA=="}
+01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681802258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU5AAG0GlW80cktGwKgBBgG77HoxlV6KglGklIAQBAXbeQAAAQEIClbnd\/MwhKxGsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\/s8ycG4tlrTfTYH+M+FW9Y1DTTSC08bOYNW3zgFB64XvsPWTwevXfQWad0gfn6zMKIffJ0Woh7B4kndlMdWD8PoFQAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"}
+01143{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041681802258,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681819208,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPqVAAGwGiRk0cktFwKgBBgG77HsaOO33T5C5IoAQBAWJqAAAAQEIClTde4YwhKxTjSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gWAAcrAQAHJzCCByMKAQCgggccMIIHGAYJKwYBBQUHMAEBBIIHCTCCBwUwgceiFgQUqShwURmVA+Jp3zLm2A+QCVyZqYAYDzIwMjAwNDE1MTkzMzA5WjCBmzCBmDBMMAkGBSsOAwIaBQAEFE8LW9m32q+ftvNjciJ21uGVriYpBBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fQITewAE4Lxi6ctlZLvhngAAAATgvIAAGA8yMDIwMDQxNTE5MzMwOVqgERgPMjAyMDA0MTkxOTMzMDlaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTMzMDlaMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3b+j9b9amWJnAoiCkmf2UNIwgNLUYY7i2oIxOcCe4FwtfKqAknYBXLXDmybtzIEQGc9zVWPgZbClw+Dn6abFkbXSG0mhM4QP5D5MQbVxhe7SgYoYVGwkJbmRpd4grc+7uBTiXMgAxBCB5kUsxvRwqLqgwU4Ain2W6hQNvDRMAvojfSg3lYkOFvlf7bcTwOK90BIJGU11EABEc5brrKndHE9hje0klAXbzMZTL8AqrbgnzOZi1rf+0+Wq4RUDesXv6I1AJt7EoKj704jMo9fFhVZPD8osr0ZocAW0OSf5m2CQ\/UMENY99jq5D1K0ZM\/O3ik40uY\/GyUUQa5PIKgTroIIFIzCC"}
+01131{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041681819208,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682076700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682076700,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux8AbuMg\/cHAAAAALAC\/\/+l4gAAAgQFtAEDAwUBAQgKMIStbAAAAAAEAgAA"}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682077081,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682077081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682077081,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682077081,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex9AbuFeblcAAAAALAC\/\/\/qlgAAAgQFtAEDAwUBAQgKMIStbQAAAAAEAgAA"}
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682106830,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682106937,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682106937,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"}
+00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":3285032704,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1587041682107386,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEaAABAAEAG+HfAqAEGNHJLRux8AbuMg\/cIHSSRd4AYEAmCtgAAAQEICjCErYpWxwSgFgMBAOEBAADdAwM8bxQ0whreuqvYvEztjLrW4PBGRpjuL7egzSBD9aU3vgAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACYCgoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABgAGwADAgAC2toAAQA="}
+01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682108320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="}
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682108400,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682108400,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"}
+00795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":3285032704,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1587041682108566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAELAABAAEAG+IfAqAEGNHJLRex9AbuFebld+7aDtoAYEAl5vQAAAQEICjCErYtVD3b0FgMBANIBAADOAwNRm85ZKo2j5rIUIlemfdLsNPrk0mWhHKlhPOh2TLU7CwAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACJ6uoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgAGwADAgACmpoAAQA="}
+01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1587041682129643,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
+01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+02446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682139467,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUXUdAAGwGanY0cktGwKgBBgG77HwdJJcXjIP37oAQBAXL3gAAAQEIClbHBMAwhK2KsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\/s8ycG4tlrTfTYH+M+FW9Y1DTTSC08bOYNW3zgFB64XvsPWTwevXfQWad0gfn6zMKIffJ0Woh7B4kndlMdWD8PoFQAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"}
+01143{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":313,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041682139467,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682140048,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682140048,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCPpAAG0GvcQ0cktFwKgBBgG77H37toO2hXm6NIAQBAUeeAAAAQEIClUPdxEwhK2LFgMDF00CAABVAwNemFWQkTKZfyBaLuzO97G0quTrEm7BgPWyftzaEzJa0iBuSwAAwHf6a8yXd\/slaOSfyDbI53lK7p5dSy9A7BIMcMAwAAANAAUAAAAXAAD\/AQABAAsADnAADm0ACK8wggirMIIGk6ADAgECAhN7AATgvGLpy2Vku+GeAAAABOC8MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xOTA1MDcxMjUwMDNaFw0yMTA1MDcxMjUwMDNaMBoxGDAWBgNVBAMMDyouYXNtLnNreXBlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSeVBZeaxVgbEF7BDFpA+N3ExF3ZQK1QrQQqA05Ko2A7Gpby+2Es8MXR3Kj2VRAX9P5YFzjF3SN5faeJJRz+j7An2iOLXkwQNkglDT6\/sjB3LbEb7T\/nzN+yIm+S8blVfyih6JM9Apu\/ik1krtvLJUniVwHJtK2\/rOjpX264mOpTx8SQf7TjiIlSs3HiDphOG0YLn3YYZ8njuADtWKju18sgzmH3TMQYaJ5rR8rrvEPgZCHNBk+XQJFexPiGtcDjF2WCQ1CKqCKZf8hKbpm8Y4TnLNUxuhK2E+6sFA1dP+E8Bm6m26cCfBNV3G7APHf8AN1YKGjnSNcO3xC9CoOmEMCAwEAAaOCBHYwggRyMIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWqSYTh5AAAEAwBIMEYCIQCK9TKQMvnjt3bF9IskNoov410+TNUfrflXc+EV+7RCFQIhAOhI+FRSDv5ZevTOA7yjzgGxZ7+Vifwc2fzYuzpyLBBgAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFqkmE4gAAABAMARzBFAiAiHsCLrUDabE9VESRZTt4BikyAq6rNE1j3618pfpVpCAIhALEshKOsZh7n88+DKEMN6Qrti43TvlJOQ0RAjLMbS84WAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFqkmE4gwAABAMASDBGAiEAhlim8PX4pyi\/mpblvrIKUelL3OW87784ne5SOBJO7rUCIQCJx97+HPxXSJjEZtGi1euZMJxoXD7mYyvmnAr9RyA7ngB1AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABapJhOJEAAAQDAEYwRAIgSWpW2jkU6iqzOFfqoMvHGTVxpA4qvulMcPxZZ3C6R34CIBq5beRJMDaP8rIHcokNsjMMe+YTY4GBs5JmQen9SUa+MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQU3aROfyhw35kc1iGhSMjmHtjM\/20wCwYD"}
+01431{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48"}}}
+00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1587041682143053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"}
+01066{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041682143053,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.132"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682144166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682144166,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx+AbuHxTqTAAAAALAC\/\/\/vlgAAAgQFtAEDAwUBAQgKMIStqwAAAAAEAgAA"}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682156833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"}
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682156932,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682156932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"}
+00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":3285032704,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1587041682157086,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEBAABAAEAGgVPAqAEGNHHChOx+AbuHxTqUVvaytFAYIACSqAAAFgMBANQBAADQAwMdYvXtwu11hWCpvITmw2DM6JIDDr9YgJ4rTdtCECjTrgAAHBoazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACLCgoAAP8BAAEAAAAAHwAdAAAaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGAAbAAMCAAKKigABAA=="}
+01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682169218,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041682169218,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEIhAAHYGO6Q0ccKEwKgBBgG77H5W9rK0h8U7bVAQBAE4GAAAAAAAAAAA"}
+01516{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041682355684,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
+01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682369801,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682369801,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682369801,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682369801,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex\/Abv2sXoGAAAAALAC\/\/+1wwAAAgQFtAEDAwUBAQgKMISugAAAAAAEAgAA"}
+00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1587041682370931,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdUKtAADkRbU3AqAEBwKgBBgA1\/2sAiQAAEDqBgAABAAIAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQABwAwABQABAAAA5AAyEW5vcnRoZXVyb3BlY25zLTMyC25vcnRoZXVyb3BlCGNsb3VkYXBwBWF6dXJlA2NvbQDAPwABAAEAAAAEAAQ0ckww"}
+01075{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":383,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041682370931,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.76.48"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682376166,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682376166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682376166,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682376166,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+GfAqAEGNHJMMOyAAbuusi7sAAAAALAC\/\/9JyAAAAgQFtAEDAwUBAQgKMISuhQAAAAAEAgAA"}
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682420333,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682420448,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682420448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"}
+00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041682420739,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex\/Abv2sXoHFR5jJoAYEAmOxwAAAQEICjCErqxhBrREFgMBAMkBAADFAwMlzpQNXKnJso0lmbQsWQ9QP0JUtMkYTF2ySEjqwct4CiA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFQAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682423316,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"}
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682423394,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682423394,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"}
+00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":3285032704,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1587041682423900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEUAABAAEAG95PAqAEGNHJMMOyAAbuusi7tlL44xVAYIABbPwAAFgMBAOcBAADjAwOLjruZZJmwp+AQ5ixl8mdC3oKgE\/9DUAxdN3dPhROtcwAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACe+voAAP8BAAEAAAAAMgAwAAAtbm9ydGhldXJvcGUubm90aWZpY2F0aW9ucy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABgAGwADAgACWloAAQA="}
+01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682440956,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041682440956,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
+02447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682467714,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHMNAAGwGqhA0ckwwwKgBBgG77ICUvj5xrrIv2VAQCAS9XwAAx23sJOl22cozxfimMAsGA1UdDwQEAwIEsDBJBgNVHREEQjBAgiMqLm5vdGlmaWNhdGlvbnMudGVhbXMubWljcm9zb2Z0LmNvbYIZKi5ub3RpZmljYXRpb25zLnNreXBlLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAaMoTg\/CrkXvH3jnb1h9ibtDE5NT9WRyEmtWPdlMgqhbXA+eyQkb6BYaT\/ta0E\/bOL5hM07pSBrD5uauHzlX4vs6BmFI3X35rS4lnHgq3cUKdaq3M5dfcGtIoKERK4KHEXYdDhAF8RY9DfZJta8j9hj4NqjvMcG7hzkZJWkwVjeh7J49fLI2k+ojmtb1lfRr9wT7N317pl9QMlUj3HrapDo2fvCe\/9jktj3lbttPHLsuaLesAF3dE1wm5y4UOzoiawZGA4Fu5fMnwFxWfpzZRwMq0O\/xKMAg5RkinWwDyzGDnwCbl\/c52s299ZBhbtM6yURpSqq0aQFxtyQoGGDw\/qhMEVa25dds5d0iBdM6KFgBsOhenjJcJxMzPvvOPmkJltWXhqnxSJWsJkaqh7zSNoA5U1JZzOXFYRt3uw3OVIBSfQ21T75pEiBJReA5mMtRoJjyJYo4d7ViJlpWq6D+qmTq9MD3A+u3+2YaocGXunqdlchKzuckM3C3Mck\/119eusSb9+YO\/2kHgBIQsNEyRtMbVXs6aJDUwnxYYIGRAPR16yCXImFMfJYah5q6a0OgPBMYG1cJ5tHN0+DQkL0jj0N6DmBrUSDSDele8PSh59PdIzO8wgJ\/BtAAk1rmVDiVhBV4spP7GSKWzbAS3cC\/0tn2xGj\/VdVxgHiGox4WbcNAABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/Ra"}
+01153{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":392,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041682467714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682484937,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682484937,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cKdAAGwGWts0ck0hwKgBBgG77H8VHmMm9rF61YAQBAVitAAAAQEICmEGtIQwhK6s"}
+01754{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+00285{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041682611214,"packet_id":421,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041682611214}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":421,"source":"teams.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041682598222,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1587041682668456,"pkt":"EBMx8Tl2KDc3AG3ICABFAABW2rQAAP8RXYrAqAEGwKgBAeC6ADUAQqKILzcBAAABAAAAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
+01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"presence.services.sfb.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1587041682697730,"pkt":"KDc3AG3IEBMx8Tl2CABFAACny9dAADkR8hbAqAEBwKgBBgA14LoAkwAALzeBgAABAAIAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAASwANRRhLXVwcy1wcmVzZW5jZTQtcHJvZAtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AwEYAAQABAAAABgAENHJNOg=="}
+01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1587041682697730,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"presence.services.sfb.trafficmanager.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.58"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682698689,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682698689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682698689,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682698689,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG913AqAEGNHJNOuyBAbtgCOGqAAAAALAC\/\/\/jdgAAAgQFtAEDAwUBAQgKMISvtwAAAAAEAgAA"}
+00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740607,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041682740607,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740607,"flow_idle_time":3285032704,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1587041682740607,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEdws9AADEGDl2ifRODwKgBBgG767gSqyGfi6a7DoAYAWi65wAAAQEICpHNoqswhBBbFwMDAOQAAAAAAAAACKmKftpP18TObpudfRHF+x2Q26rJbEiP394UtjZJPj4wSIR\/hp3JlNrAGtpUw45IgQ+\/Td3gBgwIaydoMxwS3i93S6aIvQahVpj\/c5RwIn5XTgvMLlxphbaNgBQKVcUBzOyFCFmX25bboaZrE8yGPewBV8YF9rPw3wiL2qX6gOrVwGBD+SxN5WBWFI2hGO+JWJUmRSYMjHC+44xSTFiyxGwuYeySW1fNosn1ZrrnxmEfRHvkqjQUYvkmRW87MNYmA\/nzpUUAJUjx7fyAlsSNV0cWWtSO31yX1lU5orE="}
+00898{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740607,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041682740607,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Dropbox","proto_by_ip_id":121,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740712,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682740712,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwxXAqAEGon0Tg+u4AbuLprsOEqsiiIAQD\/hw3AAAAQEICjCEr+CRzaKr"}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682744342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"}
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682744445,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682744445,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"}
+00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":3285032704,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1587041682744658,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAG9prAqAEGNHJNOuyBAbtgCOGrvhWTS1AYIAAsUQAAFgMBANYBAADSAwPkbX85xJUsmCJfCQtb2nqS5r5NxitfmjfkWtCVFh+GIgAAHEpKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACNCgoAAP8BAAEAAAAAIQAfAAAccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYABsAAwIAAkpKAAEA"}
+01122{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+01326{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745381,"flow_idle_time":3285032704,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_usec":1587041682745381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="}
+02437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745498,"flow_idle_time":3285032704,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745498,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpr1lEqsiiIAQEADIXgAAAQEICjCEr+SRzaKrFwMDIBe2BaXSajSAVsA+S0rbnqiekP4iuZq32HuCU1Zk8b7DobfyXAMC40RMGMmv03seNmRLB1WBKOAndSNsjwejL\/4UdAY51oTzt\/idB5m9EO71\/T1MmFynzxV07rmvd3Y7KFXQR\/+x23FlX8GjLiPfQFhiUhRh28ymzOk2Fma1O328pbgtPmfOm2\/I1HthpOnXap2OPKovdSqIn\/dOEzmEXK5RH4Vhc7yfPS0tJ3lq\/j9Y4mE4jZEoUqARpTmnt\/EmaVbJrcge1AqzkW+CZ+w4JlO7k9TdFEi5TByHM4C1T005glLtZNkRmPpMGHQbjibw3NTyD4LLOA7ibrI0r9IDNmoeUUfh8DCZdpfo3pxnEzyt7oapZ3bsP3f2dkvlxSg+Dlv55qlRYMXtNU7tnt3+G6vIRUNWvNYWxEeaewlxO7D31DoGy39yf6\/Uf40kqlYmjJklCFuyytx+XwcWqT4ARI652Z\/KTokqiY0d8hvIMHweZqCdsZ3sZLcS92z0hCZYB+QTk3oNwXMxF3HPTJhWvhOq0wqkZDSVoE431Wjz26KTR\/D\/dA5pInq8bEC3yVuUKN1PLZW9Mz7MYJyzusjyBNsPLXM5O8OEeeK5MiWTYDXzmOLsLkb2vkB\/HV4y3Ev95rIiSF36Cpgqv6+0aR866vdj7FtuF34EidwFeCf1Bf+A5YjRmGj3oaiwxanjseDhhtnxhUTf19iNoEFSzhAIqnGHRAvLOkI5d3FBbQQt+YdQcTmf4uC9ThNnySNA0HXREePQs7huoiwdf2bLMzadvLcQRiRnWU7Hl35DzJo7SAfHQVc1y7a5SVG8H0C\/gvRNuAfv3HAV07QuKJAR49iIkFCcVRaJ\/jE5NYdjrNiiLdvzoxuEZ0dWMxMftRotvm8FM6ig5uEvIZbx9cs5I19iYZQ+xjuzmSG9hz4iz+WjzAoY1dmLOtgbT\/XB2FXmqmn+QhnOY3Ljx0J2ha7XjBQ8hWDhzClw138COO6BoFzaLcXOQXTKJXlqio99G1EHem2LSJs4Fip7GdtxGPNIMZ40wLG2DFzen08a5EPl23FFXPX0SR69Sbx3M0R+hQyRTGJvzQ2b0FETVcaGBWv\/AJUXgawU3fpNn7TAnn6usnhvfGudG7WV4wZ6vkSA+LX0MCVzjn7ur93PxY\/kpdqz3fuiKZIsdz1qUGtjG9iABsh28XZ9j4vR0VSK81wLD3NNpJ2yPv0bwOqpCaovF6tXQ1Ews6XsxqJi5G36BrzaJ5\/NXawhnu8ri1Vz28LUjmOZPpd6keVddX571\/oIU+Q3p3lccmI7+gjH3KqlUBiHCmpfZcYeOnCUEoJ6+9LH3uDsI4lVcAzp2csO0NXDwcfvMalB6gajtPszvwIJElID7GHKx1BsawLle+AuhD6lA8\/ePLwyuj37+iokrx6+vklOjmfe4s9diN429ybZIsLrxpS9gvhCcqJjHRib1BY+X07qe0e72A4QTMrUQvOqVAnCJ6MepkVyL+TYwE71AQhIyEcdhSMj5NByh+Ps2+o6B6TxNGxL+Hz7Gkx+JsBR2inYY8O+Lv0UT9kVL4KGsfhNjVDtOQlSBGenVIqSWzA0IMPQo8+3Of8Hq4M82zM4CAZ0HSDgvnwrTIr12aPKQZeXdT79Zkpu9xzzr2tssbkalNRSPafbicgt9KUTproDv5wkhK7YwHiqPcGR0QVqeIcuyQotM2kpYtKzEsnaTsMsANkeXwUSaYMnhtvVUO0AlG4\/nEwlNMBHzNthJE9IyucPPp6lNbtpzJXbzjnbqhKzr1pBPW1NzcsmUvTf4AThdCxRFDDYC8Q9bGPZ8M76S438LhtuVyUo\/lD6YFPci0DvupTGZalsukVJfD\/0b05qjSDFI9eEwsvlchodrzNqwexfGQO0oqhK"}
+02437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745501,"flow_idle_time":3285032704,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745501,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpsL5EqsiiIAQEABs5gAAAQEICjCEr+SRzaKrei53o4vFQHMBld1Fh\/SJ7lY\/Br6V6nMJYu3OAHgdn1qCcCSFYKKt9BOxyQf3yfDnlntHKN9zdEPSvXN\/0hi8YerzFHTzlE9CpJ2R08FI9jE11z3fnVvhf8e7OcEQqRZgxnPlEzNldSNYqEcmHkXvJhZMq8lx7wyR4LUbGNhgoKdPGH278UPChna6A3t6rVbTyY26njMEfo0Zm6rhpJo44iHLRIKvpaj2GQsfRT+cQeJIZ7CCI7T1q2PUyZhm1ySaJCt2LeO9BPdVU6xJnGhMV\/aWAPQcJ6kB0bxcZrLoRiXTU5Sjkns\/IiFNL\/xvNJTPnSiFRhwUoHK+lhufNQUo13wAlnryX9ux9knlEKyd0St6x6x3\/0AcGE5iocc88TMKvbPeEJdROrTHJPBGw3wEtTcJnsCO86HHTsshAVdGVqkIx3wKVLP63U4Kblp4jy32ZZqt5mrVmtgkvfyXyOjEWSHg9\/kbER4PSr77Twprpqx983VEq2Hcb9Z5Mm3nOhfwTP2T3g\/CCF8QgaWGZrUDu1iiRUPI6K2BHYirquzyMaFufY9V8GpIhq1n1xceUiQLPYGN3l5fQJCiBdXfFafOcSFxIjVpojrL2EOuqK2nuMjLQQp+4Aqc6WZPgm2ebUN\/iKkfC2yH2bLExo2MPi3VUFi92NENpciPyW+eXAFY69MJj5yxa5BiY59sQ5ELiBJlv7RkENWrGuHIllIcpW3ItUf5UzQsbStrqU99fkGX6jKCwXrvMoRcz4OdAQSCuL42ekbFYHiL0ne5NvHaRIqcek4\/JcqoZpMdpQey7y+2Dl6doTImRGjrtsYDDKgFGhDU4N8dTso9ThZ3fuQI5GnuKCyDE7AIeVXiQlYv5F01woYov2hCUZp7ZcJSt2ohbipTR8\/9XsRLAxqgXB5GsFcoOvfysdpEjckn3ixs\/e\/E+9YhRVwcgw9hwvaxpOHeSVNLQn1UC1jd6XPsedgr5CYCUUWjOwS77pYeBf15DMuXoTC2DTw4N0qK0I2k9jO2h06\/VwS+DdyYzdZyIEDJootRjKr6+oHebS0B7nXpok59GLbGxDjEh9wakV1SZs7RvQXUIMtwshnqDiJum9ddTnNB2+bpdzgJa3FjnjCyxjYAJBZhtEPLvmmDoY+ugXE9QtbOp299K6ArOZPB6JuK4rlVYneXIpSl0yfeQgFoaNPTPCWdaxvM+AfcOB7YkH0w1UJu2dyLSmHw42qCGfzhxeXIbZVNdJjctQ0Cqo5zXErR1874K9\/40112SIrZY04P1wdyAy51DHX6xP4DMvjfqz6wVaf6gJ\/DZxBp20paRElTtDQN\/dHqjokoah04MvpFxBCi0Oy+R7CfKweUnqAqr1HqpFAPT9qsa8YrIc8G0wUUzeAax4URzLWOt85EjAnPLK1DAQYPq0v9Q0KLOsGsn1kbSvDpNs37iMzwcZRFzWoLHwwnKhxoV5ph1YHpzct0GfB5TMtawMLt6xx8fpDVN\/qmtv7vr0PwcpkWAe12mwk6YMCBt5BjA8f7N0hNc28Z18gN\/CgGnUTUJNyHOY9\/otIhpyZk2nAcBRRfiJ1pLKbDvtAKXiFEDhY9R4CdMU31jbFPykJh6n2eH+U5nfePcR\/NQL8CGF86lRBvbS1BffGRulEfJVi517lk3dtmRmFX4czmj4U5S0fLX7dTEWdkjlqGvyPwcgdLRBZYccWZ3e0IwyZLzh4ZvqC6GXgR\/YxXU2EyExTuarC8OxvaikQEuWDLdXLrVfF\/5zh5AAnOxdXMDpgpl7zVyHlEg1yLy9mLgj1yQgKUqwCNhyVJZLyPBjuKvSewLkE6Yb4TMgTQzgnkGvHFjAbR3wnBeO3lqHZFEbIHcmklDS0L5Y7TchFMURbahXYDs4fVUOyQ800EYRGVfodFdgqI"}
+02442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682792228,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682792228,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU9YZAAGwG0EI0ck06wKgBBgG77IG+FZj3YAjihlAQCAQbpwAAahz3MIwwCwYDVR0PBAQDAgSwMIHfBgNVHREEgdcwgdSCIyoubm9hbS5wcmVzZW5jZS50ZWFtcy5taWNyb3NvZnQuY29tgiMqLmVtZWEucHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbYIjKi5hcGFjLnByZXNlbmNlLnRlYW1zLm1pY3Jvc29mdC5jb22CJSoubm9hbWRmLnByZXNlbmNlLnRlYW1zLm1pY3Jvc29mdC5jb22CHioucHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbYIccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAFfJmXOb1G3\/gkDpDClarQB6kon6qcwX4Kh295CbM2AS5Vgj29434HX0cY+Z9iv\/MTbIOmx9325DU4Jkds6+IU\/YaIPC6iJQpcE2e349x3dnDm3opekdQpM9PDa129MKr2YMPfEeN8v0qTyUuQZhGs4n0KhbSGQjx5\/B9gHGSpxe32oG49c+UQMe29vQ918eWYGlRxmosgaDo1O8G3hucKxVwq7wwZImn3rzlX2p3MvbHeLrrJ0NnlDsEaTwHS4Q6zzFHSGKHEGxwFQAn8mD1A4CEULHR5utg70c+5SvpcPBwDRulBAl1YVyuiG0lQXudeFRPjGil0p6dBb5dVHM6sDa+2bhTnT5Xrs6ALFkSOC2eT01f34o0LD\/iYJpYUBbRpunp7qdsCEujVxZR8n0k581k760zp6eOKdldSwGD2zCkU49qbfX71ampz0Sa7apdvaSE3KDX92BVUqVgQf0FXIZml2UETl7GkuJ7ywmJNZy\/VBh5fwF2G5tkeqqgUFl6Pz5ffSKavNMdYdiF0oJdwf95BiDLfhWMFAZ\/Az1Qj25O939c39zHdQmU2Gk65JAtVnlAhmcxyqDVZJv7WCLyYv8x3gCNb27V5dMzb8gu1mMtVqxF0t9OtLhe0ZVbT57TWBzaMHvBs\/e9XYiw9V9PDcm\/ctwDNyy0pJxMD8+96LUABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk"}
+01136{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":451,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682792228,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041682792228,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+01959{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":467,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682803345,"flow_dst_last_pkt_time":1587041682803309,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":20291,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041682803345,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":27969.4,"max":152917,"stddev":40324.3,"var":1626047232.0,"ent":3.6,"data": [50532,50647,291,64604,72036,210,136507,124,96,1421,68048,86231,152917,2268,6,3,46387,44112,4,2,3,23630,23615,4,20861,20866,7,7,3,845,765]},"pktlen": {"min":52,"avg":819.7,"max":1492,"stddev":699.2,"var":488828.9,"ent":4.3,"data": [64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480]},"bins": {"c_to_s": [5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0],"entropies": [4.384982109,5.323234558,4.961856842,5.939832211,5.116507530,7.288343430,7.267649651,5.000318527,7.662917614,4.961856842,5.882802486,5.193430901,5.624773026,4.961856842,7.851280689,7.841383457,7.873037815,5.154969692,7.851320267,7.856824398,7.856104374,7.863511562,5.154969215,7.862011433,7.862949848,5.154969215,7.888728619,7.861488342,7.847744942,7.865393639,5.193430901,7.879679203]}}
+01759{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":467,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682803345,"flow_dst_last_pkt_time":1587041682803309,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":20291,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041682803345,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682809173,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682809173,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682809173,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682809173,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyCEVImrEWfAAAAALAC\/\/+rgAAAAgQFtAEDAwUBAQgKMISwIQAAAAAEAgAA"}
+00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682862686,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="}
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682862738,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682862738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"}
+01202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041682863165,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyCEVImrEWgy3y3uIAYECxutgAAAQEICjCEsFATeRnVFgMBAgABAAH8AwOllRwzFBLD2fGS0RdMQwmyeJX+rt9niSTc6LgefMaOGyDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvrFq4xkMZjK7jeeGFDXjFBVctkvDk2bUa2GIO\/qlb3oAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+01291{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917091,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682917091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZNAADQGRHqnY9ekwKgBBhFS7ILLfLe4JqxHpYAQAfo2WAAAAQEIChN5GgswhLBQ"}
+01379{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02146{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":580,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041683063920,"flow_dst_last_pkt_time":1587041683109441,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2687,"flow_dst_tot_l4_payload_len":6860,"midstream":0,"thread_ts_usec":1587041683109441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":25031.7,"max":201410,"stddev":47065.5,"var":2215158784.0,"ent":3.2,"data": [45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222]},"pktlen": {"min":40,"avg":340.2,"max":1492,"stddev":510.3,"var":260451.7,"ent":3.8,"data": [64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]},"bins": {"c_to_s": [11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1],"entropies": [4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1587041683142905,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="}
+01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"chatsvcagg.svcs.teams.office.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1587041683184989,"pkt":"KDc3AG3IEBMx8Tl2CABFAADQTcNAADkRcALAqAEBwKgBBgA14KAAvAAATTGBgAABAAMAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAHADAAFAAEAAAAMACoVdGVhbXMtY2hhdHN2Y2FnZy1wcm9kDnRyYWZmaWNtYW5hZ2VyA25ldADAPgAFAAEAAAEsADAWbXNnLXVrc28tMDEtY2hhdHN2Y2FnZwd1a3NvdXRoCGNsb3VkYXBwBWF6dXJlwCnAdAABAAEAAAAFAAQ0clg7"}
+01070{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":587,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1587041683184989,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"chatsvcagg.svcs.teams.office.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.88.59"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683186164,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683186164,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683186164,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683186164,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7FzAqAEGNHJYO+yDAbslAEUuAAAAALAC\/\/+uKgAAAgQFtAEDAwUBAQgKMISxhQAAAAAEAgAA"}
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683220355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="}
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683220462,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683220462,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"}
+00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":3285032704,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041683220741,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAG64vAqAEGNHJYO+yDAbslAEUvUJcaBoAYEAkhLAAAAQEICjCEsaYB1ARAFgMBANgBAADUAwMl\/B1Vk9A1CXIA2wtxg6SSBUkcTlC\/1\/z0\/eteey4O7gAAHJqazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP2toAAP8BAAEAAAAAIwAhAAAeY2hhdHN2Y2FnZy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABgAGwADAgACSkoAAQA="}
+01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683257226,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683257226,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHSFAAG0GnKc0clg7wKgBBgG77INQlx+mJQBGDIAQBAUMBAAAAQEICgHUBF0whLGmFMuT5WpzTDiCSYT3xi9v6V14KwZXMAsGA1UdDwQEAwIEsDApBgNVHREEIjAggh5jaGF0c3ZjYWdnLnRlYW1zLm1pY3Jvc29mdC5jb20wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JsME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBADlaSLft\/Il2mfNfS96UN1u6SRdI6uOdxV\/SghC34ek6RV73kkGH\/KgGm5Qpn7ZmjaE7sCW67DpV9CSox9Z3dhmyY3WubiTFoRkhvmI2ia7VsKC3uTVFKGfcG3LipFC\/23JDrzT7qcdgDJzOLWf3MLJd1Kyh6NVC9EjRBrGrjji8xmok7R0RS8CcrVoIMxOsb4aFIvlKHgOLGwrUEg+jJK1WekigAR\/pyb5Ve0qqD3wvtdis9OWT8zz+JfQQtYBGzTf3Zo2YdFfy+cLVdoneW08GcCeeO0e+2qhhnfoQYTUFxVDlSKesMCCZ19oghBpnMirb2zEgWNe+6hV0VBHo0qa0oI+8VxV0m5jsWGKpN5r0RSQeZVBFjmNPja7EWAv9BG0nDBvzPaTNS9lsRoXc1ue7UQ2fGyQcImPgttcAOrqAGM9U+s0UrVqPi9GRGdpB+ymstXnktW0UVXqemudrGvUxOJRKDRvwctjZP2On9XpkEuwYzeJ7edeTKIXaTMPr5bSi6KtPMv8scypPxl6auLwwuyW3phPvh3sr9vdYmG1LA+UpioWKxGVlTy3H5MrR\/a3CRRhXX1OZmYh1RDRwmACanys8duLXWdgmjDNNxzIBOXG7wiGPQfS3+9iG0JTdXjbTpu3jNtZbvAVXCu9kow13tCXvpYdCShakHGed8k9wAAW4MIIFtDCCBJygAwIBAgIQCLh6UBu+nNotFk0+OVG\/VTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2MDUyMDEyNTEyOFoXDTI0MDUyMDEyNTEyOFowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjvPxhHV3vL7JpPUWpVMrUGCZ3Nh92SS14XJJN0j+2oaTo30dmksQTXd5fmWpfG424kfUNknQzCQCJxTirnHN2Vd0PBBWGZJKh2L545CNXt7RQRsaph9AoiwejlXXJthoQqvsDd7dXmGVs6xsgc6o4K2vX8qm5FFoLif9VCpxpMy7fpLx9lNRBTHQGYKwymPQ8koAC830aUv0WpZWOSbJnUsKYzQy"}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683333389,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683333389,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"}
+00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683378966,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="}
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683379074,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683379074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"}
+00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041683379360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyEAbsX4foIG4kggIAYEAle8wAAAQEICjCEsj9hHvtMFgMBAMkBAADFAwNQ2mjoGM5bceT+50qedBeC2QzxBSnWB8x+XpaOKMz6dSCjQgAAk2B6jpiMP4aNnNPzeGx44\/6X3U2RH3y64O03zgAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683430778,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683430778,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVANAAGwGcd80ck0hwKgBBgG77IQbiSCAF+H61oAQBAWFnQAAAQEICmEe+38whLI\/FgMDEGYCAABRAwNemFWT1kX8u9ATY\/YCwH831ucgt0juCj9cD9NieB4F3SDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkMAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
+01754{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+02148{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":635,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511604,"flow_dst_last_pkt_time":1587041683511700,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7792,"midstream":0,"thread_ts_usec":1587041683511700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20999.2,"max":115070,"stddev":31123.6,"var":968681216.0,"ent":3.5,"data": [34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185]},"pktlen": {"min":52,"avg":377.2,"max":1492,"stddev":521.7,"var":272149.2,"ent":3.9,"data": [64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]},"bins": {"c_to_s": [11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041684291077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="}
+01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"substrate.office.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1587041684304618,"pkt":"KDc3AG3IEBMx8Tl2CABFAADIzNlAADkR8PPAqAEBwKgBBgA16AsAtAAAN+6BgAABAAUAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAHADAAFAAEAAABCABQJc3Vic3RyYXRlB21zLWFjZGPAFsAyAAUAAQAAABYACAVhZmQta8AWwFIABQABAAAAGQAoEm91dGxvb2stb2ZmaWNlLWNvbQZrLTAwMDIIay1tc2VkZ2UDbmV0AMBmAAUAAQAAAKAAAsB5wHkAAQABAAAAoQAEDWsSCw=="}
+01071{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1587041684304618,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"substrate.office.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684306115,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684306115,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684306115,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041684306115,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWZTAqAEGDWsSC+yFAbvNnLiZAAAAALAC\/\/\/7GwAAAgQFtAEDAwUBAQgKMIS1wQAAAAAEAgAA"}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041684317619,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"}
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1587041684317725,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041684317725,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"}
+00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":3285032704,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1587041684317987,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGWNnAqAEGDWsSC+yFAbvNnLiaNd4cNVAYIAB7OAAAFgMBAM4BAADKAwNT9yhcRBpq6+zC6hAkiruFzkDB0iUODZ2vqxEjURraCwAAHGpqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACF2toAAP8BAAEAAAAAGQAXAAAUc3Vic3RyYXRlLm9mZmljZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGAAbAAMCAAK6ugABAA=="}
+01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684329497,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041684329497,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoFJtAAHYGDxENaxILwKgBBgG77IU13hw1zZy5bVAQBAEDUQAAAAAAAAAA"}
+01975{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}}
+01961{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": [12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]}}
+01519{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":697,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
+01947{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":702,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":24145.7,"max":539594,"stddev":94604.1,"var":8949939200.0,"ent":1.9,"data": [11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314]},"pktlen": {"min":40,"avg":331.5,"max":1492,"stddev":473.5,"var":224192.2,"ent":3.9,"data": [64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]},"bins": {"c_to_s": [9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0],"entropies": [4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637]}}
+01979{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":702,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1587041685090830,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"}
+01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"euaz.tr.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685091534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685091534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685091534,"flow_idle_time":200000000,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041685091534,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZE40AAP8RJK\/AqAEGwKgBAdGuADUARafs9AEBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAQ=="}
+01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685091534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685091534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685092516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685092516,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685092516,"flow_idle_time":200000000,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041685092516,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZD5kAAP8RKKPAqAEGwKgBAf7OADUARYKEB0oBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAQ=="}
+01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685092516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685092516,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685093044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685093044,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685093044,"flow_idle_time":200000000,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041685093044,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRstMAAP8RhXDAqAEGwKgBAcXdADUAPUwYqlcBAAABAAAAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
+01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685093044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685093044,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"thread_ts_usec":1587041685104871,"pkt":"KDc3AG3IEBMx8Tl2CABFAACfqZ9AADkRFFfAqAEBwKgBBgA10a4AiwAA9AGBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAcAMAAUAAQAADYsAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJABwAAQAAAAUAECoBARHxAHAAAAAAAG\/dVKE="}
+01080{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":720,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041685104871,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"42.1.1.17"}}}
+00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1587041685105349,"pkt":"KDc3AG3IEBMx8Tl2CABFAACTMl9AADkRi6PAqAEBwKgBBgA1\/s4AfwAAB0qBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAcAMAAUAAQAADNUAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJAAEAAQAAAAgABDRyDy0="}
+01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":721,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041685105349,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.15.45"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685106192,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685106192,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685106192,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685106192,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNWvAqAEGNHIPLeyHAbsC\/Q6WAAAAALAC\/\/9IhwAAAgQFtAEDAwUBAQgKMIS4zgAAAAAEAgAA"}
+00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1587041685127636,"pkt":"KDc3AG3IEBMx8Tl2CABFAADKzTRAADkR8JbAqAEBwKgBBgA1xd0AtgAAqleBgAABAAMAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAA4OACoDYXBpC2ZsaWdodHByb3h5BXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsACcbYy1mbGlnaHRwcm94eS1ldW5vLTAxLXRlYW1zCGNsb3VkYXBwwGbAdwABAAEAAAAGAAQ0ck2I"}
+01074{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":723,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041685127636,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.136"}}}
+00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1587041685136892,"pkt":"KDc3AG3IEBMx8Tl2CABFAADDZa9AADkRWCPAqAEBwKgBBgA17z0ArwAAVKqBgAABAAMAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAALoAAiBGV1YXoCdHIFdGVhbXMOdHJhZmZpY21hbmFnZXIDbmV0AMA5AAUAAQAAAAAAMBJiLXRyLXRlYW1zLWV1bm8tMDULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAJMBnAAEAAQAAAAoABDRy+ns="}
+01067{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":728,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041685136892,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"euaz.tr.teams.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.250.123"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685171649,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685171649,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685171649,"flow_idle_time":200000000,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685171649,"pkt":"EBMx8Tl2KDc3AG3ICABFAABADGUAAP8RK\/DAqAEGwKgBAeRZADUALJr8l0UBAAABAAAAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQAB"}
+01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685171649,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685171649,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"outlook.office.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685185131,"flow_idle_time":200000000,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1587041685185131,"pkt":"KDc3AG3IEBMx8Tl2CABFAADeqaxAADkRFAvAqAEBwKgBBgA15FkAygAAl0WBgAABAAYAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQABwAwABQABAAAANQAMCXN1YnN0cmF0ZcAUwDAABQABAAAAxQAUCXN1YnN0cmF0ZQdtcy1hY2RjwBTASAAFAAEAAAAmAAgFYWZkLWvAFMBoAAUAAQAAACYAKBJvdXRsb29rLW9mZmljZS1jb20Gay0wMDAyCGstbXNlZGdlA25ldADAfAAFAAEAAACgAALAj8CPAAEAAQAAAJ8ABA1rEgs="}
+01069{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":730,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685185131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1587041685185131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"outlook.office.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685232231,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685232231,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685232231,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685232231,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyIAbtyjZOTAAAAALAC\/\/8ViAAAAgQFtAEDAwUBAQgKMIS5SgAAAAAEAgAA"}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685240465,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685240465,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685240465,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685240465,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyKAbtGGzTNAAAAALAC\/\/8rVAAAAgQFtAEDAwUBAQgKMIS5UgAAAAAEAgAA"}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685243104,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685243104,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685243104,"flow_idle_time":200000000,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041685243104,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPU3QAAP8R5NHAqAEGwKgBAchtADUAO5eNyGMBAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAAB"}
+01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685243104,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685243104,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685248604,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685248604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685248604,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685248604,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyLAbsws\/klAAAAALAC\/\/\/xvAAAAgQFtAEDAwUBAQgKMIS5WgAAAAAEAgAA"}
+00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685251950,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685251950,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685251950,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685251950,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4XAqAEGKH4JB+yMAbvF6IfFAAAAALAC\/\/8d8gAAAgQFtAEDAwUBAQgKMIS5XQAAAAAEAgAA"}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685253368,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"}
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685253460,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685253460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"}
+00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":3285032704,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041685253933,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAGgXLAqAEGNHHChOyKAbtGGzTOqB5ZA1AYIAAZhwAAFgMBALUBAACxAwNemFWVZrT7WTFXDzKTJwgyjyi4pczPS4OaStHQgrmy6wAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXAAAAB8AHQAAGmNvbmZpZy50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
+01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1587041685256108,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="}
+01063{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":744,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041685256108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685261856,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"}
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685261955,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685261955,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"}
+00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":3285032704,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1587041685262299,"pkt":"EBMx8Tl2KDc3AG3ICABFAADzAABAAEAGNLjAqAEGNHIPLeyHAbsC\/Q6XwNQGklAYIAAraAAAFgMBAMYBAADCAwNemFWVnmpu5iBYzDA0OwyTFl3gYWrTqQBuMzMR9X7FRwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAbQAAADAALgAAK3Ryb3V0ZXIyLWFzc2UtYS50cm91dGVyLnRlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
+01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685265739,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041685265739,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAow5NAAHYGiJg0ccKEwKgBBgG77IqoHlkDRhs1iFAQBAGIJAAAAAAAAAAA"}
+01595{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685278616,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="}
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685278702,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685278702,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"}
+00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041685278900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyIAbtyjZOUGnFmv4AYEAk6ggAAAQEICjCEuXNhHtwZFgMBAMkBAADFAwO15W+8jaHI2sAcvPxYu3fOurYjru\/fmNz9T6MzJf3JQCDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkAAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685280598,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="}
+00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685280662,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685280662,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"}
+00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":3285032704,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041685281210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRpvAqAEGKH4JB+yMAbvF6IfGCTMwHYAYEAl4\/QAAAQEICjCEuXVSSrhXFgMBAPEBAADtAwMO1aNpNC\/DfNA+zTgvlq4OTJH4Eaani+1AUzQaqTtdmgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"}
+01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685294102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685294163,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685294163,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"}
+00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":3285032704,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041685294436,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyAABAAEAG9sTAqAEGNHJNIeyLAbsws\/kmxyaNq4AYEAkImQAAAQEICjCEuYFhHwLEFgMBALkBAAC1AwNemFWVha04P4CUw6CKshmFd7ZG0fMDUFnrEIuMFFDaDAAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAYAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685312634,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVEFAAGwGwa8ofgkHwKgBBgG77IwJMzW9xeiIvIAQBAWJ5wAAAQEIClJKuHcwhLl1i+Wbrav3bQpcZNAwCwYDVR0PBAQDAgSwMIIBJgYDVR0RBIIBHTCCARmCGWxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb22CG2xvZ2luLm1pY3Jvc29mdG9ubGluZS1wLmNvbYIbbG9naW5leC5taWNyb3NvZnRvbmxpbmUuY29tghpsb2dpbjIubWljcm9zb2Z0b25saW5lLmNvbYIkc3RhbXAyLmxvZ2luLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgh1sb2dpbi5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIfbG9naW5leC5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIebG9naW4yLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgiBzdGFtcDIubG9naW4ubWljcm9zb2Z0b25saW5lLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEARVCFDXaNOijZYnNGoRWvtuOpazT+6a5NhffPDEd8mw13I5P2ZjdjuwO0BCuAa0rcrb9Xsv2qMoirtQ46ssv7U4RUbJ2q644olWDdoDLw3u2IwAi4+it8uqFANVWf479pYNzQSRACICWvLYyZOXoCzSVgryqqt6S9JYKLV\/5cOCwnLGXIMXunQZDJ9OLbjk3hV+y1gACDA7qTWXqQxmgI9aFpumAbRwTxqZV913sHD\/Cf4ut1VrXdDHEcgGroOgboavAnBPF1buLwyr8dsFVfenl1cv4K6OyxBhOa\/qPQC3E1A4UNtSz4dz0swsNbngQZDrl3H9MqpMRswrpJ9jUAZ4uzcbjmByMFT7UrO5NyfE2e754OXgg0kzSG7F0aYPVW64WQaAN5alS554Apkxzpnhy4dbLpcc+qDxw4uZRbEMvvqiGy3Tzvw2N2ZlLhpfCA79zVH3D9QcugIgQY75KsamAAzOcbXq0zT0xKgmRKBpdzG5DeC2KsBbrTTak1bUSSPLjvYpHhgabRiV7OEik97n1Dth5jNj0APlNTe65xy1gwKh4ItrHo4sQMKfxY9NyTKSBVKN3poUeJpe9p2ArtCr\/ZmVWqTui7XFpZPfiQUHWHxyvx0VTPR40NEp\/NGn3Uw7Bd\/MS5F6AKZAjGFEeyvsfA2p3QKRyzfNkfQWM3fP8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE"}
+01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":777,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041685312634,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+02446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685327366,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685327366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaa5AAGwGXDQ0ck0hwKgBBgG77IgacWa\/co2UYoAQBAV+ZwAAAQEICmEe3EYwhLlzFgMDEGYCAABRAwNemFWVd4ONVISrGBzenOh1wz59KlhffXpAp\/SRVzeitiAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sf8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
+01754{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+02446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685350456,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685350456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVA5AAGwGcdQ0ck0hwKgBBgG77IvHJo2rMLP55IAQBAVq\/gAAAQEICmEfAvowhLmBFgMDF7oCAABVAwNemFWVkv8HhgEBqRl7J096sK\/AcfyJkv6Je+CA9SLGGCApBQAAsHV\/DAKaYivrrDw\/3qGp42fGJ7afmMuMlyPWksAwAAANAAUAAAAXAAD\/AQABAAsADt0ADtoACRwwggkYMIIHAKADAgECAhMWAAq9oyiKJqzr8XheAAAACr2jMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTEwMTAyMTU1MzhaFw0yMTEwMTAyMTU1MzhaMCYxJDAiBgNVBAMMGyouZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKvCd9UicgkwpI8bSwvCRO2lOesvtPd+z3GH6xRllv8Ei9b8VelLW2PuVMgau2FL6GVCPmGFiOhTMrB6Z5IhkEeYdzS19ordJYDNCTCV4CGHzvr3YSWpcXIsFnyRznGOPnlEMKU5qRnjk8yv7HdVvlTmG5IFjydJQBIE3EVy\/zWWQLcnHvkr+Pm+Ix8GPacEMThyVrZ57NGyt4w\/0XALYy3lIrBrwRrbdUiLTzkL4A+otgHb4wpI6lV59J8U\/8irhpL7YotYvOZ643jEuaSoC\/jdiOIKCF3kQGitPPXXdCq5zTupCxIYUh4B8CR5z8H6nlx9UNqdWcNq9d5jrCXcj+0CAwEAAaOCBNcwggTTMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAW23tMw9AAAEAwBHMEUCIF1LvMGCv0Kl+bp5C3GlL+E\/KEFrucmW+jN0WG1BTye7AiEAlb84qvncp6SV0hcgJPmaG243TJvGYrss3NJol6FvYZkAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW23tM08AAAEAwBHMEUCIDiK+zbmA9fB\/F+jlf2HQYINB6AsuO6IJw9RLZW6d2VYAiEAgFQKKr4w6oc+CLe9pgqJVTk\/xWbnsVo3VT1pL7gD2NQAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW23tMxBAAAEAwBIMEYCIQDC8ilwFdB7z4rC1+bZS4g04LUlLUYH350FnOYfD3Y\/DwIhAKOhDWx9PqjkWoW1QpLAVveNHTmUFKE125bJ\/m64vRMUMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUGvpD1lPIMLQZUxjL0t3R6SFpb+0wCwYDVR0PBAQDAgSwMIHyBgNVHREEgeowgeeCGyouZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZKi5waXBlLmFyaWEubWljcm9zb2Z0LmNvbYIO"}
+01754{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+02445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685419490,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685419490,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjN5AAG0Gdfg0cg8twKgBBgG77IfA1AaSAv0PYlAQCARVFQAAFgMDF0UCAABVAwNemFWVsa3S0qCCJCKRvR5FvfRm4ku4Wp9dZjR4sGYcKSB2HAAAgvc9nFx0wNSQ+kfvV9B0Mq9ipN+Lt19U\/tPHHsAwAAANAAUAAAAXAAD\/AQABAAsADkgADkUACIcwggiDMIIGa6ADAgECAhMgAA1\/5iyI2CMUD4FHAAAADX\/mMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMjAeFw0xOTExMjkxNzU3NThaFw0yMTExMjkxNzU3NThaMCgxJjAkBgNVBAMMHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKcimDO37qOiITdGLLSgRk4SNqeQiChf5fToMO+7e1Qw4j4NVAURrkRlqOSwosi6x2ool0Qjlt5bANU2A7E0ubHR6fs+J4y2vgrsv41S7Ao\/UxdKklkG0wgp+paNcl2enqs+JFcPVtFPe+T+pnY6IZUpOziGi8NLx\/K2NG5xSvrdawVpY5vXRxXKsvLFIAdaJQozyWf9lCNbt+4C0IVl2Ep7N5bp06LVMZktn1YAjolqeEl3RQ6hM3GKceom5l4hpyP43E\/dTe3eLNBfmO8cDd9p8HlGVSrgjhKz1wuJWFoWgHTgDnVBSZVB7t78lIFlze4qLsPX90PfKUlmjF\/zIQIDAQABo4IEQDCCBDwwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbrhZJv4AAAQDAEcwRQIhALfHXTClbVL1ZG3BQH+fsd9EVlnIhlrRTh9b\/BWQkqOPAiArDlgg99bYekywwY8T40DyNspZOTZKKrpABVWSIcE7CwB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbrhZJyYAAAQDAEgwRgIhAJuNw4ivK3DXIXmUE+m57QEHF+rXHdB72ZviRwQ9s+0GAiEA9kNgaFnkw8l1xiyZdSGjaIfmqNZ4qpxCiXwbbmlDWu4AdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW64WScNAAAEAwBIMEYCIQDmc93n7UJEyvvIddsbJMxC7aPmS7n2Z\/C8vjlA2j\/H8AIhAP0Hy\/4XLfkD3pYHuzfG85l40mxoPZVRGXbh3zqAj+miMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUdTnCFCgplfnCaQOBNT9YTfK9XfMwCwYDVR0PBAQDAgSwMFsGA1UdEQRUMFKCHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tgg1nby50cm91dGVyLmlvghEqLmRyaXAudHJvdXRlci5pb4IPKi5kYy50cm91dGVyLmlvMIGsBgNVHR8EgaQwgaEw"}
+01629{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}}}
+01963{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]}}
+01600{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":855,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":920,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685984732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685984732,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685996890,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"}
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685996986,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685996986,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"}
+00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":3285032704,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1587041685997296,"pkt":"EBMx8Tl2KDc3AG3ICABFAADbAABAAEAGgXnAqAEGNHHChOyNAbtKVk3cy6oDyVAYIAAs2QAAFgMBAK4BAACqAwNemFWVDIT9d4HngeJpG5mlHm9Rt958WOVPiGzzmIF3agAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAVQAAABgAFgAAE3RlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041686008515,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041686008515,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoTQFAAHYG\/yo0ccKEwKgBBgG77I3LqgPJSlZOj1AQCASYigAAAAAAAAAA"}
+01545{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}}
+00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":945,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686239545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686239545,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"}
+00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686288146,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686288255,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686288255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"}
+00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041686288562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyPAbtgh2e+U\/RRNYAYEAniuwAAAQEICjCEvUBhH1u7FgMBAMkBAADFAwPWvyUszXyGVwTdfXyAsIQo65lWnkpPMHo57lR912BOzSAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sfwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686339149,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUYwhAAGwGYto0ck0hwKgBBgG77I9T9FbVYIdojIAQBAWA4QAAAQEICmEfW+0whL1ALnNreXBlLmNvbYIQKi5waXBlLnNreXBlLmNvbYIiKi5tb2JpbGUuZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIgbW9iaWxlLmV2ZW50cy5kYXRhLm1pY3Jvc29mdC5jb22CFSouZXZlbnRzLmRhdGEubXNuLmNvbYITZXZlbnRzLmRhdGEubXNuLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAUxCmyVHd3H7BNm7xrFDWc0lUKQfFfvZJj7fGm702yYNfNb17H3sDMMybFW0xvlL9Ezzab9UkH29uzppLcvgSPbaskyoVw+2aUUDOWU9BNPXX55faad2R1I6KtC+PfV7YLtmbicvSGz4AqzYw9ZreqUymbtwFHx+mEj1q7bV3EnUB\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"}
+01236{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":949,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041686339149,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02281{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686541501,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041686542441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19511.4,"max":52987,"stddev":22191.7,"var":492470496.0,"ent":3.9,"data": [48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111]},"pktlen": {"min":52,"avg":640.9,"max":1492,"stddev":667.9,"var":446080.7,"ent":4.1,"data": [64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0],"entropies": [4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1587041686659283,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="}
+00902{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
+00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":982,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686889381,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686889381,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686889381,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686889381,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR0nAqAEGKH4JQ+yQAbuMpd1iAAAAALAC\/\/\/7KQAAAgQFtAEDAwUBAQgKMIS\/iwAAAAAEAgAA"}
+00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686918390,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686918473,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686918473,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"}
+00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":3285032704,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041686919156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRl\/AqAEGKH4JQ+yQAbuMpd1jg2\/P4IAYEAngnQAAAQEICjCEv6dSRIbvFgMBAPEBAADtAwMbmcXPy8rEyjOH5t3NVXkoUGCRZxMGyIKbY0co\/wunRQAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"}
+01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+02451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686950659,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686950659,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdlAAGwG19sofglDwKgBBgG77JCDb8\/gjKXeWYAQBAUYLAAAAQEIClJEhw4whL+nFgMDETsCAABVAwNemFWW7R35oy+pDouxbKQc3ZxSE0RLhoRWbTV6NPlktSB6OAAARuc6MTC1YmpF4SmrzBdvOs6F07smAuHCwru2ycAwAAANABcAAP8BAAEAAAAAAAsAD40AD4oACcwwggnIMIIHsKADAgECAhN7AAL0+uu8c4DySSOTAAAAAvT6MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xODA5MjQyMTQ5MzBaFw0yMDA5MjQyMTQ5MzBaMCsxKTAnBgNVBAMTIHN0YW1wMi5sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9uMC7tn8RKm9hx1Q+vclCmv2FS5644lZCwDqwzCYb8L0QUXObmurDTp9z7imH\/68rvf0\/+KpPvZzn8n+A1ECu6H51tc4jh4cund1rKWCEvaClslKP1O5XZfDppym7WFQSIHQp9LXW26FaTqarCYkxKrkm\/lTdJtaXF5\/C7ZRJIFVaL9dmL\/uMiooAbDLhN56zmBjGeB2V01oJAQhD\/q\/lznyyirBK2V2vQ7WyyX4O7R5ox9CbJ7fjHmVfu5B\/IGhKzckLb+kPv4Ou1DFiJ+VjXUg8+HNiqYybm516lzAMR9GTpDm\/EaK\/DoNiRmeP+V6xIxpVOXNmdtJ2yXkhn+AQIDAQABo4IFgjCCBX4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZg2YTSEAAAQDAEYwRAIgNf1dCr\/A\/68iTF44ctzG4dfYj5k8kwrcMxb+OAftshACIEOFf1L8DyVWvGmp2q28iEZd5RDO6L\/3eE60TQKPTKibAHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFmDZhK0AAABAMASDBGAiEA6k0qgGOQ2\/4vWshsmYpY7DSpdiwLlTeFqoSnh81\/2Y4CIQDv1+L779lV6U+goVXZN5Lr8mJnM2dtvY1ZqBBLJZkaOwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABZg2YSsoAAAQDAEYwRAIgWKBW8MG0XWRpOFEy6yhRlkRMXWMvZwn2MMfc6oSrj0gCIBftriorxFHUNkLYAHoFWkhm8hNqcHO+KKiAs49boZzUAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFmDZhLTgAABAMARzBFAiAA3dU0fJfG9tq5Rc4+sUUH+XraMuPYSatYD6LC\/2\/zTAIhAJWqprUivm3Ca3RKEfcrJtar2nlcdcqed0u5OIHS\/4PYMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUiTQV2m224F\/j"}
+01754{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63"}}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687245112,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687245112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"}
+00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687293530,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687293639,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687293639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"}
+00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687294098,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmZKwAAAQEICjCEwQ9g9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1017,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041687370480,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="}
+01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687382278,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687382278,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmY0wAAAQEICjCEwWdg9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687427043,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041687427043,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzETBAAEARZ+HAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAJGRMVEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
+00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1587041687435320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"}
+01060{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1022,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041687435320,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1023,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687436782,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687436782,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687436782,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687436782,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVUrAqAEGaCi7l+ySAbtvi5oIAAAAALAC\/\/9njAAAAgQFtAEDAwUBAQgKMITBnAAAAAAEAgAA"}
+00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687466298,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687466398,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687466398,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"}
+00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":3285032704,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_usec":1587041687466635,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEKAABAAEAGVIDAqAEGaCi7l+ySAbtvi5oJgZblB4AYEAl2MwAAAQEICjCEwbkBuRsfFgMBANEBAADNAwNcYEYY9r+P9DTmk4+ghvjGxbgXLamZQ7BCvuLi0gzQzQAAHMrKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI2toAAP8BAAEAAAAAHAAaAAAXYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAIaGgABAA=="}
+01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687512045,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687512045,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUOsFAAGwG6PRoKLuXwKgBBgG77JKBluUHb4ua34AQBAUPSwAAAQEICgG5Gz4whMG5FgMDF2ACAABeAwNemFWXWoznNEDG0nqSFdxS15urfQPAW1Ki15lKX+AAtiAKRAAA667wWoqa+vDiRfvp7swmXkbxWCktv+PyIN9JCMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADpsADpgACNowggjWMIIGvqADAgECAhMtAAcUzkF9hlrqvm6yAAAABxTOMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA3MTYwMDAyMzBaFw0yMTA3MTYwMDAyMzBaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCLN53Kexlrvsr+3rXZR74UHw5zlzegNiM6ErPRT\/txn4iFY2zFTqC+sWY7W7Oz4G1tsBCxRCqDiWTxn5SoBhxDmnlpMqOtTTpv5IM4kd\/8Guw\/818ANBFltXQet6T9XZsisGK5x9lUCYcHW8ynBG3v5uNf0Z6m2VB67+wzZ2C3iG0UAM447HUmbA40yblclmVBneenfOna+w64hv1nSyt5YNMGiattt3RBLqQ25FUDZwDSm6\/Xrxs5bFSfj0HMxAb5EpzZ2SxfSP+UgsmRV0Oq\/HfZsAL9LwqbT3aESBPoyba7n926l2qjVJiyrcjkPpm+NqXC8ligQT0pRVDCcpAgMBAAGjggSXMIIEkzCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+sPAAABAMARjBEAiBx6hq9wYK8lGTp3u5E7AFX+BkbRLRZ5Lup8OuEt\/B0tQIgGypwFVlROzmTzUQqtoWQp2MHW1EriZKLwX2GVgWat5wAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H61YAAAEAwBHMEUCIBBA4jXntmRWzvCXbsrMW4W1hyQue\/vS7Ncn0z5ewGEwAiEAln3ydSWKxMs1mek8BuU+Pp\/Ar72loNB67Ntve4Q85KAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWv4H62XAAAEAwBHMEUCIQDLjQfYXTzdnrjIDBYNPqxZrBUDuC2VVPJNvuwXJuHkoAIgHkqG2mwJ4b5UFgxZl8\/iCIL8mYENQc4ZRdEfVujQdbMAdgBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWv4H6xWAAAEAwBHMEUCIDM4gWIHlpsWZA++c4q0XblHDWvH710R4c4I0Xek5jDJAiEAoovM291ZXguFtfeLFlqPtsBXmuKsHbLob14668lLPKIwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBRaFtJxTHeO"}
+01755{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+02127{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": {"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": [12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1587041687731296,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"}
+01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":1587041687745080,"pkt":"KDc3AG3IEBMx8Tl2CABFAADTPBBAADkRgbLAqAEBwKgBBgA19Q8AvwAAY+WBgAABAAQAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQABwAwABQABAAAGxQAfCmV1bm8tMS1hcGkOdHJhZmZpY21hbmFnZXIDbmV0AMA8AAUAAQAAABUACwhldW5vLTEtMcATwGcABQABAAAAOgApHWFtcy1ldW5vLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwFbAfgABAAEAAAAVAAQ0qbp3"}
+01067{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1081,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1587041687745080,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.169.186.119"}}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1082,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687745932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687745932,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687745932,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687745932,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGienAqAEGNKm6d+yTAbth0wzHAAAAALAC\/\/81+QAAAgQFtAEDAwUBAQgKMITCxwAAAAAEAgAA"}
+01965{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1085,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687718851,"flow_dst_last_pkt_time":1587041687768506,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17623,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041687768506,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":32165.6,"max":161774,"stddev":44327.4,"var":1964919296.0,"ent":3.6,"data": [48418,48527,459,88180,136486,113743,249,161774,129,117,1072,74551,73518,1076,4,2,50124,49022,3,3,12,48400,48413,4,15,2,1599,1536,46881,1065,1749]},"pktlen": {"min":52,"avg":736.7,"max":1492,"stddev":694.0,"var":481656.1,"ent":4.2,"data": [64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52]},"bins": {"c_to_s": [5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0],"s_to_c": [8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1],"entropies": [4.396777153,5.256567478,4.923395157,5.966666698,5.971492767,5.091578960,7.290405750,7.275161743,4.961856842,7.668800354,5.000318527,6.002202988,5.583368301,4.961856842,7.860765934,7.857263088,7.894361019,5.193430901,7.864349842,7.853641510,7.869278908,7.874048233,5.054101944,7.853607655,7.866478443,7.865472317,7.878810406,5.154969692,7.853725433,5.193431377,5.154969692,5.154969692]}}
+01760{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1085,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687718851,"flow_dst_last_pkt_time":1587041687768506,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17623,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041687768506,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687789261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687789367,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687789367,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"}
+00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":3285032704,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041687789561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAGiRjAqAEGNKm6d+yTAbth0wzIENQdkYAYEAmMqgAAAQEICjCEwvABIndtFgMBANgBAADUAwN1hCAWlzZVXD7TCb6igB3LJP9WVkluJUaJIbsmWjvyJAAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP6uoAAP8BAAEAAAAAIwAhAAAeZXVuby0xLmFwaS5taWNyb3NvZnRzdHJlYW0uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAI2toAHQAXABgAGwADAgACOjoAAQA="}
+01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687835274,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687835274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGLJAAGwGP6M0qbp3wKgBBgG77JMQ1B2RYdMNpYAQBAV+GwAAAQEICgEid5owhMLwFgMDF2ICAABeAwNemFWXh6zC4\/H\/NtqCN0bOMCauIHEB+mzTfOs8euglHiDdOQAAbpqWXnIoaFoz5CwjBIm\/uwJeUgS1lb4+XjBSWMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADp0ADpoACNwwggjYMIIGwKADAgECAhMWAAXWDX37jaDzNM+RAAAABdYNMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTA3MTYwMDAyMzVaFw0yMTA3MTYwMDAyMzVaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WyrqhMwneHn3ldwh\/L7UvhOaeyJEw9wAAoXcE2xoCmqN4VQ5dbEJYH2mvnyhH\/q6XQPMuv5SvOYFeFvBsXU42c+cX\/k7ETSWOHymPaiIe9DTakXAw15b1zeAID1a\/qtYq5SKoRqlJOmhP2W2Kj0sGRH9wfU0k6ZKAWCfTCOD3TUKn+kY2\/mFqcxx163RyO5fuue9HjLSPUcK\/XG71pH60ASR2HaDJ53frCURseRASs3N8sp\/lXPNSJpmTy7XzZlvWnjNXBXoGazR\/Ok20dcDNsKQLrS\/5IQoN1eesCyt1n77jwW\/wlDvDN1w4lyx8ZJ\/cWIxkLDRUfkhCN5r674PAgMBAAGjggSZMIIElTCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+\/gwAABAMARjBEAiBFAIuj2Tc26ezbEtOORf3erX84s94DFwS362RUQnwe7QIgOIGvV6+3NbZm4ZuetunBQ10P6vIaYP3f6rBpFmv0R+kAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H7+HAAAEAwBIMEYCIQDNJZUV9kVpum734SuFZbu\/+8d+lBfpKXnRWlVnv4VBQAIhAOB8l0UtbGxz+O5oUYg0D5KcrYbc2wZN7ZDiNmBXUAj6AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFr+B\/ArgAABAMARzBFAiEAuBvGi+GOETS1WKJJY5hLjgoB7c051zHr2NZg0TjxMOsCIDxZ4sYqPPwpfAkKARkELM5\/901w8Rli7y0l6JyGidHOAHcAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFr+B+\/jQAABAMASDBGAiEA+MKOXA0Ondu3DQFnrt75yf8KubCg3tehYpwWY4vXmlsCIQD\/nRJiTBIbc8ubEEHt73izO3Lpmnq\/6a3pOruDbMUQaDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFBqManmr"}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1587041690880711,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"}
+01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1138,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"dc.applicationinsights.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690915102,"flow_idle_time":200000000,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"thread_ts_usec":1587041690915102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEfVLxAADkRaLrAqAEBwKgBBgA1+boBCwAAeGqBgAABAAUAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAAACgAuHWFwcGxpY2F0aW9uaW5zaWdodHNfaW5nZXN0aW9uB21vbml0b3IFYXp1cmXALcBCAAUAAQAAAJEALB1hcHBsaWNhdGlvbmluc2lnaHRzX2luZ2VzdGlvbgtwcml2YXRlbGlua8BgwHwABQABAAAAXwAXAmRjDnRyYWZmaWNtYW5hZ2VyA25ldADAtAAFAAEAAAAeABwQY2ZyLWJyZWV6aWVzdC1pbghjbG91ZGFwcMDGwNcAAQABAAAABwAEKE+KKQ=="}
+01079{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1139,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690915102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":259,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":259,"midstream":0,"thread_ts_usec":1587041690915102,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"dc.applicationinsights.microsoft.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1140,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690916341,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690916341,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690916341,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041690916341,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyUAbup7MP+AAAAALAC\/\/9nAwAAAgQFtAEDAwUBAQgKMITPEwAAAAAEAgAA"}
+00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041690946470,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1587041690946579,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041690946579,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"}
+00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":3285032704,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041690946965,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyUAbup7MP\/giOVMIAYEAnoKAAAAQEICjCEzzFS+MKlFgMBAOoBAADmAwMbIQaP+rFGCYsreMCv9lvxK9Aj9uBCbNOtF1CHIeISyAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="}
+01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041690980253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGwlAAG4Gd\/QoT4opwKgBBgG77JSCI5rQqezE7oAQBAU0IQAAAQEIClL4wsUwhM8xdGlvbmluc2lnaHRzLmF6dXJlLmNvbYISZ2F0ZS5ob2NrZXlhcHAubmV0ghVkYy50cmFmZmljbWFuYWdlci5uZXSCH2F1c3NlLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHmJyenMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2NhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWNmci1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1jaW4tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2tvLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWN1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh9jdXMwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1lYXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdZWF1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWVqcC1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1ldXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDItYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDQtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDUtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIeZXVzMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5uY3VzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHW5ldS1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5zYWZuLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHnNjdXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdc2VhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXN1ay1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1zd24tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdd2V1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXd1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh53dXMyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCIHd1czIwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0MIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAJWTZzx1MK5GdVXHHDNo4UfZmpqNSZyuP+i0NBu9AKrV3sQoq5pmeYJ7vP+oV2p39mLTb2oqM52AGvlnpmoTNJwN7XVFBPYI8jrT6ZwWv1hAZa"}
+01142{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1144,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041690980253,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041691075869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
+01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"emea.ng.msg.teams-msgapi.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1162,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1587041691148968,"pkt":"KDc3AG3IEBMx8Tl2CABFAACQrGdAADkREZ7AqAEBwKgBBgA19Y8AfAAAdPKBgAABAAIAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAADwAGw9tc2dhcGktcHJvZC1zZnIIY2xvdWRhcHDANMBJAAEAAQAAAAoABDRybAg="}
+01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1162,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1587041691148968,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"emea.ng.msg.teams-msgapi.trafficmanager.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.108.8"}}}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1163,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691149774,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691149774,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1163,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691149774,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041691149774,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2I\/AqAEGNHJsCOyVAbumbhw9AAAAALAC\/\/8jXgAAAgQFtAEDAwUBAQgKMITP9QAAAAAEAgAA"}
+00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041691168973,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1587041691169076,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041691169076,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"}
+00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":3285032704,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1587041691169247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAESAABAAEAG173AqAEGNHJsCOyVAbumbhw+rneBYYAYEAkjHAAAAQEICjCE0AhSqiqsFgMBANkBAADVAwNwlpHiXHB3s5dLKatTLHHCd3zPHP62TkNPLWHwExyS1QAAHAoKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACQysoAAP8BAAEAAAAAJAAiAAAfZW1lYS5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYABsAAwIAAhoaAAEA"}
+01126{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041691190981,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPCZAAHEGZdU0cmwIwKgBBgG77JWud4cBpm4dHIAQBAU1egAAAQEIClKqKsEwhNAIOSG3N+pypQO63Wiq+lXA9TALBgNVHQ8EBAMCBLAwgdYGA1UdEQSBzjCBy4IabXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CHCoubXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CIHBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tgiIqLnBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tghpuZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIcKi5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIPKi5tc2cuc2t5cGUuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAL6k2g2YNYubaMQKNE1HOCJsRU+ocKgoaCUntNxasdyLm3sRjtpRjulwsmHOrGDRgisqGVKYPLOcPDYZIMeHJRyVC9lP7rDFU4mwEdob9bYoVAdPJ2aPEkM0RXDf2sxO3K11UvhIdAETfgAyN9OClLnbVRlD+uqcSQfdbt9NgeCozGT3uA8rW\/bT\/D+YBI2NyvjucwOF4fAmlb69iaENpHzKyKPP3gChGWXwPlsCAHcWT5DWYPJpL\/3DLl81bF7tO5zY3zxJMB1OeVgvUKXeAS+CwfpLrKG0C\/eU6XUXAM17Wou3AdZL8ESxq7zdQlPlfLXcrxTWn\/9yqOyE2Dy4v0AC0DldAOOVuaP1Qw\/jkncKrZHy6CBjd4i6SlAvV9SXMMji3v+3tCPq3NDcYwEwIaLF7pK3asugmSWv+kUpt0b\/7nszZggDVjiXOaXQXGxlI76wm\/oQiScQLHdORY8mAIDxrFvAZJI7K5Yvpy\/uFT0TJ1pbtUzx0WkkWUFI1ibsaySDvxZ5PLRRf\/b+CTj2DeuAhuHN0bB0Jvlf\/geQ+McX36gP8ZJv4hZskP2p2eU4LlDvKZxVbJkUfzIhrbjoxfdlKOwkktqzdS57vVoeibk02\/OS8fdv79ZBLOsYxfdKaSWNDVEN1Q82426XhaggJ7kscl3nnmFp\/\/6iCwQwe+4wAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC"}
+01140{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1167,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041691190981,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02148{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1195,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691305451,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041691582252,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18972.7,"max":276869,"stddev":49493.9,"var":2449644032.0,"ent":2.9,"data": [19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869]},"pktlen": {"min":52,"avg":370.2,"max":1492,"stddev":512.1,"var":262257.7,"ent":3.9,"data": [64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]},"bins": {"c_to_s": [11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+02149{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682938651,"flow_dst_last_pkt_time":1587041692001418,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2113,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041692001418,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":328636.7,"max":8978171,"stddev":1582353.1,"var":2503841415168.0,"ent":0.8,"data": [47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7]},"pktlen": {"min":40,"avg":339.2,"max":1492,"stddev":486.1,"var":236250.5,"ent":3.9,"data": [64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]},"bins": {"c_to_s": [10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1],"entropies": [4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692419649,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041692419649,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzETFAAEARZ+DAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAPmTDokAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
+00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1216,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528594,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041692528594,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528594,"flow_idle_time":3285032704,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1587041692528594,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528684,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692528684,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"}
+00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":3285032704,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1587041692528752,"pkt":"EBMx8Tl2KDc3AG3ICABFSAB8AABAAEAGru\/AqAEGlwsyi9XeCK7DyyOPsom3g4AYEADukgAAAQEICjCE1UVzIF7g5AplDBJ5jEkO1U2Mpra9\/PbG6UC\/FVXGQ5pEnr4zSbP3LnLXhdyZOGgH9qsJLTZHLgDXKr5t+q9K3Mvbm5JFapBhK16BH5zD"}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692578366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cMxAADIGTLOXCzKLwKgBBgiu1d6yibeDw8sj14AQAfXhSgAAAQEICnMgXxEwhNVF"}
+00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692808980,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692808980,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692808980,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041692808980,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"}
+00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041692880898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="}
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692880999,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692880999,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"}
+01203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":3285032704,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041692881339,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyWEVIVrX6RNJWFioAYECynDgAAAQEICjCE1qITeUD2FgMBAgABAAH8AwNIwmNvYpaxx4YaNkM5UOMBu+\/rhWm5ROKLkUQ+n9+bqCDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgqeitnlzPDiYBqjP3nyoLl6FANLUWPuCFiHYla5PeYScAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692951911,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692951911,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HBJAADQG6funY9ekwKgBBhFS7JY0lYWKFa2AloAQAfqJ4wAAAQEIChN5QT0whNai"}
+01380{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":977,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":977,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693428391,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+01801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_usec":1587041693428391,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="}
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693474528,"flow_idle_time":200000000,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693474528,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="}
+00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693475613,"flow_idle_time":200000000,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693475613,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="}
+00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693515047,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
+00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693516414,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693516414,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1587041693517336,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDxsAAP8RKRvAqAEGwKgBAdnVADUASzsZd8IBAAABAAAAAAAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAQ=="}
+01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693530810,"flow_idle_time":200000000,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1587041693530810,"pkt":"KDc3AG3IEBMx8Tl2CABFAACrU5xAADkRak7AqAEBwKgBBgA12dUAlwAAd8KBgAABAAAAAQAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAcAfAAYAAQAAAAUAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMA6AAAnEQAAA4QAAAEsAAk6gAAAADw="}
+01090{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1241,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693530810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1587041693530810,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693561382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"}
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693561493,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693561493,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"}
+00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":3285032704,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693561676,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NiAbvwxDFGjkDaLFAYIADs+gAAFgMBALYBAACyAwNemFWdM\/wbLFSI3dPgZpkO7ysDE3\/GJlDQM9ZmaeyX\/AAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693572678,"flow_idle_time":200000000,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693572678,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="}
+00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576546,"flow_idle_time":200000000,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693576546,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJQAAGwR1dM0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="}
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576566,"flow_idle_time":200000000,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693576566,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="}
+00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693582165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
+00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582610,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"}
+00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="}
+00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+02447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"}
+01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693608822,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
+00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}}
+00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693625394,"flow_idle_time":200000000,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693625394,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693628354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"}
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693628427,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693628427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"}
+00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":3285032704,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693628756,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NlAbtcWVYp3qhb8VAYIADHIgAAFgMBALYBAACyAwNemFWdJel+38T72uo9XNMIcFrJVaaQNKpU+a+Uq8VSQwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"}
+00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="}
+00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}}
+00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="}
+00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
+00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+02450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693675117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\/Z7z3no4iLWFOB0NszihbN+mXEPfve7ERdipQf9N4gAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"}
+01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693675117,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"}
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="}
+00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="}
+00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"}
+00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="}
+00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693849498,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693849498,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693849498,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693849498,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf7AqAEGNHL6mcN0AbuMksvlAAAAALAC\/\/8dvwAAAgQFtAEDAwUBAQgKMITaVwAAAAAEAgAA"}
+00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693869354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"}
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693869423,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693869423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"}
+00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":3285032704,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693869663,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWnAqAEGNHL6mMNeAbvdNMkY3FwAm1AYIACuOQAAFgMBAKkBAAClAwNemFWd9sBVDmqpQ1JOmTf85+s9vRwXDIKd7RSpfqD9hwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUyAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"52.114.250.152","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693893017,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"}
+00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693893121,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693893121,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"}
+00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":3285032704,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693893319,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWjAqAEGNHL6mcN0AbuMksvmCYYF2VAYIAA4UQAAFgMBAKkBAAClAwNemFWd\/1XCA+79geTWEWiWwTsvTSnBi9NExcEsdrOoSgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
+01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"52.114.250.153","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693912361,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693912361,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZ1AAGwGes00cvqYwKgBBgG7w17cXACb3TTJxlAQCARdzwAAFgMDF+kCAABVAwNemFWdM9zHzxbjC7QANdHz8AfaCDM7kl4CH3iC8m+C5SA8HQAAdg+4AWMXjI8CbVJCHoa9vuL+BAQY6d2I21i7H8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"}
+01752{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}}
+02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693937910,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693937910,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyxAAGwG4T00cvqZwKgBBgG7w3QJhgXZjJLMlFAQCAT\/SwAAFgMDF+kCAABVAwNemFWdlZ1o0K1pDuc31o7KbeFA6zW0UoTj74rN53YU1yAVNwAAZbPmUJGFDDA3baQ8RQ+flEqSYPNJweq+ysirz8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"}
+01752{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}}
+00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1371,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694219802,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041694219802,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1587041694221137,"pkt":"EBMx8Tl2KDc3AG3ICABFAABWS5cAAP8R7KfAqAEGwKgBAe2lADUAQpDJn88BAAABAAAAAAAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAQ=="}
+01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1372,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"c-flightproxy-euno-01-teams.cloudapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_usec":1587041694234511,"pkt":"KDc3AG3IEBMx8Tl2CABFAACixyFAADkR9tHAqAEBwKgBBgA17aUAjgAAn8+BgAABAAAAAQAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAcAoAAYAAQAAAA4AQARwcmQxDmF6dXJlZG5zLWNsb3VkwDEGbXNuaHN0CW1pY3Jvc29mdANjb20AfaP8PAAAA4QAAAEsAAk6gAAAADw="}
+01075{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1373,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041694234511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"c-flightproxy-euno-01-teams.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041694262764,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"}
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1587041694262870,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041694262870,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"}
+00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":3285032704,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1587041694263191,"pkt":"EBMx8Tl2KDc3AG3ICABFAADrAABAAEAG9mTAqAEGNHJNiOyXAbs8mpancOM\/AVAYIADbZQAAFgMBAL4BAAC6AwNemFWex6L93KvTNrWWS\/8PQ2rao\/9bFvV0yUUyu2nlvwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZQAAACgAJgAAI2FwaS5mbGlnaHRwcm94eS50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041694308351,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVptAAGwGbuA0ck2IwKgBBgG77Jdw40StPJqXalAQCAQlEAAAcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCGBg8ckx9UDTW7UZXC+1At9FP7A44gNWDP9CaNquKk0Ym4Hc6H0wUEGjC2TPH4ZMpVVvzoaDTGQwOYpaTTUvX3MEMOYKEG1Cvx9tqcsdP3yUB2L0u\/Y3lBDRRYTQjeuiKHInHCIKjjX\/QCOyzvB5\/C0exDQl9fWwS+qncho+mgAfK2IA8Fxzsv6+EtDoQ7Dvl6yGFB0IOq2h0mRJqrPawbpWi2DqNdE30PlqszN6KarfO3etdnYrpJGC2USn7nux+J+nU9mSFC0ZsLRlurcf+j5mIScxOoR1R1zgqZUwqnxhpp4P1IJVImICPzlelUrV+V7b3YppHp2Rgn\/+S4J10m17s2TbLTa97JGjEE\/3YQ7h5IdjwTnwuq1dP++rQhXt3FX3MOWAHLNAKjiWyKZFU6vIewI5Hi6y2fkjqSeRt4\/aWEgJvh20gdM0p+zqdmShg\/748CHucnl5Zm4aJe3RbjYEYoFcds8ex0ujMudADb\/QzGDXRU0vzS1rVbA4cYFxJP\/arXmxNmNaQws3ulhsztenPZhSi+YjcTSxMjLvyNTiFRWl6oPmD03juUR4abmC3Z6rh\/ORpnPJ\/Em03uuhRVjI2A+WVhItVGj\/kDERprkC2fKCqbcztcQMil\/Kk2WHT\/UliJtmxX7yjxKPFWCSC+MDNsBV3uBwoK+m\/VewoOUwAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\/rMwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUyMzhaFw0yNDA1MjAxMjUyMzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKvl612jazme9TSIErsdUiZdfQkLxnmOq7cO3xmy3e4P9u70VuRG4pIP4mcL4xxxpNRBc7TLmRaOv3d9sK8ebO1xLsMId0pekq7sWtBIgdDF6aD1eo8ejV7TrZLA2saRNTEguTkEzRAqPJcdAJ6ZGBgJz0uX5Mn8APAMWp026LJAwUqshCiqPUYYK6eKrPSvS6h+SULHYiDA5qc7XeuQH7uK2JyQ4zqxbMKUzj4ya8txs0EuucXhXdhZJ4L74UgNfugE8fkBJ0H6lFp9xTC7trrXEZuI+gHMbkuSufh4PMucaJoWZojQk7Aqgy6XER1+gSBh5LC5m5xuU5WVIsbZvXUQutl1jDw\/HdCW+DNFe3sfVDPlSJenBSSi29Hcla4gKn2WiUh7knrQJLHeSBH3Zzy03\/hYYPVPezRo"}
+01247{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1380,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041694308351,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278905,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305290,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="}
+01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305879,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="}
+01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330085,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="}
+00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330306,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="}
+00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="}
+00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="}
+00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="}
+00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="}
+00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"}
+00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"}
+00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="}
+00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="}
+00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="}
+01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695422685,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="}
+01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695432593,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695432593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="}
+00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695432665,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="}
+00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695432806,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="}
+00793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695433232,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695433232,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIB74AAEARgX3AqAEGNHL6icN0DZYA9JXXAAQA2CESpEJpchKVO4fonPIh+aAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAWAEBAEQhEqRCU+T1MUCwjYYr45mggHAABAAAAAcAIAAIAAEe33xVyo+ANwAEAAAAAoA2AAQAAAABAAgAFKSOPm9ycNiS3mJyX4fapy4vEu1\/gCgABIqjvoYACAAg+pL5K0Lk7MyR0ZqbhlMFnDsKGKI3TTZKmRHPJasNnPQ="}
+00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695433333,"pkt":"EBMx8Tl2KDc3AG3ICABFAACAFs8AAEARcWjAqAEGNHL8FcN0DZgAbMYz\/xAAYGUfNM4ueRX8AQEARCESpEK59F1PLtIJs2rQCYqAcAAEAAAABwAgAAgAASyKFWBYV4A3AAQAAAACgDYABAAAAAEACAAUb+d2GMvNHhGxBtT1sjJNLSVYAvSAKAAEqoFJXQ=="}
+00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="}
+02272{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1429,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": [44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": {"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1447,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194432,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194432,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMFBgAAEAR4+7AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":5,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696498337,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMrv0AAEARSQnAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041696498551,"flow_idle_time":200000000,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1587041696498551,"pkt":"EBMx8Tl2KDc3AG3ICABFAACQu2oAAEARMTDAqAEGXUduzcNgP8wAfBKsAAEAYCESpEKyalJ26c+bCI1C0PUABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAlAAAAJAAEbv\/+\/4A3AAQAAAACAAgAFNd7wOvI0gzaWL0JHAJmvaCW1OcegCgABLiDaXI="}
+00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":5,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696498651,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMPIAAAEARu4bAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1451,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041696498784,"flow_idle_time":200000000,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1587041696498784,"pkt":"EBMx8Tl2KDc3AG3ICABFAACQSB8AAEARpHvAqAEGXUduzcN0P80AfNVTAAEAYCESpEKDWwnX0gcAJk8k2boABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAlAAAAJAAEbv\/+\/4A3AAQAAAACAAgAFPLvVpmLRoXR+XSjZzwE+pIZjkn7gCgABO2z0lM="}
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697061972,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697061972,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697061972,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041697061972,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"}
+00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041697091344,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1587041697091452,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041697091452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"}
+00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":3285032704,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041697092026,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyYAbtVmTcxYapvvoAYEAlljAAAAQEICjCE5t4L9mYYFgMBAOoBAADmAwMvt9\/l19PgHHhBJ7fePZ9nkIIpM9PqvMR3RuXFQQr78gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="}
+01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+02430{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":3285032704,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041697123566,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUX+dAAG4GMxYoT4opwKgBBgG77JhhqnVeVZk4IIAQBAXnDAAAAQEICgv2ZjgwhObedGlvbmluc2lnaHRzLmF6dXJlLmNvbYISZ2F0ZS5ob2NrZXlhcHAubmV0ghVkYy50cmFmZmljbWFuYWdlci5uZXSCH2F1c3NlLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHmJyenMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2NhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWNmci1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1jaW4tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2tvLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWN1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh9jdXMwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1lYXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdZWF1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWVqcC1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1ldXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDItYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDQtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDUtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIeZXVzMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5uY3VzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHW5ldS1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5zYWZuLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHnNjdXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdc2VhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXN1ay1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1zd24tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdd2V1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXd1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh53dXMyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCIHd1czIwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0MIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAJWTZzx1MK5GdVXHHDNo4UfZmpqNSZyuP+i0NBu9AKrV3sQoq5pmeYJ7vP+oV2p39mLTb2oqM52AGvlnpmoTNJwN7XVFBPYI8jrT6ZwWv1hAZa"}
+01142{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1459,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041697123566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697617344,"pkt":"EBMx8Tl2KDc3AG3ICABFAADW2xEAAEARrlfAqAEGNHL6jcNhDZYAwt8iAAMApiESpEINQAd8TvBOvXDWMxoADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABQ+mj9JKfg8kAiQ47rNqp++2YC3UgAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAILegjOD1prOmcIML6MAq3Q5voM\/8\/Vbx8\/OHsgTOe6Dx"}
+00724{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
+00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1490,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697660621,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA40fgAADUBJWpdR27NwKgBBgMDcCsAAAAARQAASh2AAAAyEd1gwKgBBl1Hbs3DdD\/NADaJWQ=="}
+00892{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1490,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}}
+00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697668978,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWXowAAEARKuHAqAEGNHL6icN1DZYAwtlEAAMApiESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABRzrT6HZUT09MBbGfgrZXo06YoDbQAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAIBF1x2DO\/FnH+NItZ0DdGmNq9Qpo8WCUVFVIxiEnjM\/h"}
+00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697673040,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="}
+02324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": [24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": [0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00767{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041694047808,"flow_dst_last_pkt_time":1587041694047695,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":567,"flow_dst_tot_l4_payload_len":6363,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01098{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041695435668,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01098{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041694243274,"flow_dst_last_pkt_time":1587041694243144,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00912{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00766{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041697722873,"flow_dst_last_pkt_time":1587041697765326,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":817,"flow_dst_tot_l4_payload_len":6541,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00768{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00768{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
+00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
+00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":28,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041677034491,"flow_dst_last_pkt_time":1587041677077119,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":55346,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":13,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677329010,"flow_dst_last_pkt_time":1587041677375849,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+00765{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678260705,"flow_dst_last_pkt_time":1587041678303901,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7350,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681895434,"flow_dst_last_pkt_time":1587041681895339,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":623,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":6679,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682204478,"flow_dst_last_pkt_time":1587041682204431,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4763,"flow_dst_tot_l4_payload_len":7425,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00766{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":67,"flow_dst_packets_processed":40,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041683043372,"flow_dst_last_pkt_time":1587041683086074,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":81655,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041692020857,"flow_dst_last_pkt_time":1587041692106644,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041691929361,"flow_dst_last_pkt_time":1587041691929326,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":4886,"flow_dst_tot_l4_payload_len":9530,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":15,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511746,"flow_dst_last_pkt_time":1587041683511702,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7830,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00767{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":11,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683605577,"flow_dst_last_pkt_time":1587041683650246,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":10847,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00767{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685981024,"flow_dst_last_pkt_time":1587041685980991,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1339,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1700,"flow_dst_tot_l4_payload_len":7160,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00766{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685846969,"flow_dst_last_pkt_time":1587041685890013,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4906,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00767{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041688035601,"flow_dst_last_pkt_time":1587041688035530,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4661,"flow_dst_tot_l4_payload_len":7035,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":12,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686589907,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":14,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041688014105,"flow_dst_last_pkt_time":1587041688061175,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17654,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691582349,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041695898012,"flow_dst_last_pkt_time":1587041695993731,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":6669,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041697427096,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1674,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280602,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00902{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1587041673094451,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00753{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1587041673094451,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041685465859,"flow_dst_last_pkt_time":1587041685465767,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":6160,"flow_dst_tot_l4_payload_len":8327,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
+00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
+00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
+00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+01011{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"STUN","proto_id":"78","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00848{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690915102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":259,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":259,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693530810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
+00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682856432,"flow_dst_last_pkt_time":1587041682745518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":8819,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
+00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
+01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
+00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
+00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","proto_id":"78.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Safe","category_id":10,"category":"VoIP"}}
+01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676808147,"flow_dst_last_pkt_time":1587041676808041,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1405,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1808,"flow_dst_tot_l4_payload_len":6621,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
+00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
+00765{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041687253807,"flow_dst_last_pkt_time":1587041687253692,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3163,"flow_dst_tot_l4_payload_len":7012,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00760{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1090,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1126,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685185131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681248693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00939{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041676010607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":67,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":67,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"teams.pcap","alias":"nDPId-test","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":63,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":680,"global_ts_usec":1587041698021081}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 2817/2775
+~~ packets captured/processed: 1540/1498
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 1327851 bytes
+~~ total layer4 data length..: 587095 bytes
 ~~ total detected protocols..: 80
 ~~ total active/idle flows...: 83/83
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7552242 bytes
-~~ total memory freed........: 7552242 bytes
-~~ total allocations/frees...: 126511/126511
+~~ total memory allocated....: 7520770 bytes
+~~ total memory freed........: 7520770 bytes
+~~ total allocations/frees...: 125244/125244
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 287 chars
 ~~ json string max len.......: 2463 chars
diff --git a/test/results/teamspeak3.pcap.out b/test/results/teamspeak3.pcap.out
index 47ea263b8..c4d2ffcd6 100644
--- a/test/results/teamspeak3.pcap.out
+++ b/test/results/teamspeak3.pcap.out
@@ -7,20 +7,269 @@
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946745681306941,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745681306941,"pkt":"REREREREZmZmZmZmCABFAAA+yX1AAHgRng8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2IAAAAAAAAAAA=="}
 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946745681306983,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":946745681306983,"pkt":"REREREREZmZmZmZmCABFAADYyX5AAHgRnXQKAAABCgAAAs\/DJwMAxJv3eXRj6JO6fmAAAAAAIp10i0Wqe++5nv6tCBm6z0HgFqIVc9rwk+JLXtHwnSIOS9qVPnECnykaLcJG8hX08WvnftBqcJmqRqZMetkjLRcZ56Qb0yr7w3DD9zi02VU5x7l+AWx+kCtuxsALbdDKU+g3u9+7M\/R0k3h6Cj2dgqVHMwYrJL8wicW8AZK\/KfPOtEoKiRpNuYkxO9WWvZSdqdAZVZGl4X6vDNBIwrDu7kll5TuFIGNHjpSa9tdfD6M="}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946745682007760,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745682007760,"pkt":"REREREREZmZmZmZmCABFAAA+yf1AAHgRnY8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2MAAAAAAAAAAA=="}
-00934{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745717746131,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1365,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946745717746131,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":946745717746131}
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1667856551682719}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551682719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667856551682719,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551682719,"flow_idle_time":200000000,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1667856551682719,"pkt":"AABeAAEK6qmpVXFVCABFAAAg6GhAAD8RkF7BHxlGM0S1XAfbB9oADMMjAYCEAQ=="}
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551687540,"flow_idle_time":200000000,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_usec":1667856551687540,"pkt":"6qmpVXFVEA5+JvHACABFAAAkwyxAADQRwJYzRLVcwR8ZRgfaB9sAEFGEAYCEAXxl2acAAAAAAAA="}
+00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1667856551688093,"flow_dst_last_pkt_time":1667856551687540,"flow_idle_time":200000000,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1667856551688093,"pkt":"AABeAAEK6qmpVXFVCABFAAAs6GlAAD8RkFHBHxlGM0S1XAfbB9oAGMMvAYGEAnxl2acDJyAAAAAAAA=="}
+00901{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667856551688093,"flow_dst_last_pkt_time":1667856551687540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1667856551688093,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1667856551688093,"flow_dst_last_pkt_time":1667856551693001,"flow_idle_time":200000000,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_usec":1667856551693001,"pkt":"6qmpVXFVEA5+JvHACABFAAAhwy5AADQRwJczRLVcwR8ZRgfaB9sADaeVAYGEAgAAAAAAAAAAAAA="}
+00935{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745717746131,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1365,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667856551693001,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1667857151661156,"flow_dst_last_pkt_time":1667856551693001,"flow_idle_time":200000000,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1667857151661156,"pkt":"AABeAAEK6qmpVXFVCABFAAAgFyVAAD8RYaLBHxlGM0S1XAfbB9oADMMjAYKEAQ=="}
+00943{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667857151666127,"flow_dst_last_pkt_time":1667857151670963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":26,"midstream":0,"thread_ts_usec":1667857151670963,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1667857751746605}
+00943{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667857751751776,"flow_dst_last_pkt_time":1667857751756665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":39,"midstream":0,"thread_ts_usec":1667857751756665,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1667858351841483}
+00943{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667858351846489,"flow_dst_last_pkt_time":1667858351851342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1667858351851342,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667858951749360,"flow_dst_last_pkt_time":1667858951754177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":65,"midstream":0,"thread_ts_usec":1667858951754177,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":1530,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1667859551930352}
+00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667859551935305,"flow_dst_last_pkt_time":1667859551940122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1667859551940122,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860151925248,"flow_dst_last_pkt_time":1667860151930037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":1667860151930037,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":42,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":1596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1667860752077584}
+02202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":45,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860752082559,"flow_dst_last_pkt_time":1667860752087365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1667860752087365,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4821,"avg":132446368.0,"max":600180997,"stddev":380875840.0,"var":145066403072835584.0,"ent":3.8,"data": [4821,5374,5461,599973063,599972971,4971,4991,600080478,600080533,5171,5169,600089707,600089636,5006,5041,599897642,599897696,5229,5139,600180992,600180997,4953,4948,599984779,599984795,5164,5120,600152336,600152365,4975,4963]},"pktlen": {"min":32,"avg":40.0,"max":44,"stddev":4.7,"var":22.0,"ent":5.0,"data": [32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.625000000,4.458523273,4.765583038,4.075578690,4.625000000,4.506142139,4.765583038,4.075578690,4.500000000,4.345311642,4.674674511,4.009986401,4.625000000,4.458523273,4.720128536,4.075578690,4.562500000,4.458523273,4.720128536,3.980340719,4.625000000,4.315666676,4.720128536,3.980340719,4.562500000,4.458523273,4.629220009,4.075578690,4.562500000,4.506142139,4.720128536,4.027959824]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860752082559,"flow_dst_last_pkt_time":1667860752087365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1667860752087365,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":50,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667861351993175,"flow_dst_last_pkt_time":1667861351998031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1667861351998031,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":50,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":1662,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":8,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1667861952155552}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667861952160606,"flow_dst_last_pkt_time":1667861952165473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":130,"midstream":0,"thread_ts_usec":1667861952165473,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":58,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667862552075384,"flow_dst_last_pkt_time":1667862552080210,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1667862552080210,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1667863152145991}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667863152150938,"flow_dst_last_pkt_time":1667863152155777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1667863152155777,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":26,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667863752105541,"flow_dst_last_pkt_time":1667863752110395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":169,"midstream":0,"thread_ts_usec":1667863752110395,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1667864352264298}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":70,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667864352269395,"flow_dst_last_pkt_time":1667864352274267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1667864352274267,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":1827,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":13,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1667864952277211}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":74,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":30,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667864952282201,"flow_dst_last_pkt_time":1667864952287024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":195,"midstream":0,"thread_ts_usec":1667864952287024,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":1860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1667865552502273}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":78,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":32,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667865552507391,"flow_dst_last_pkt_time":1667865552512264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1667865552512264,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":82,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":34,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667866152387758,"flow_dst_last_pkt_time":1667866152392764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":221,"midstream":0,"thread_ts_usec":1667866152392764,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":82,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":1926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1667866752540859}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":36,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667866752545981,"flow_dst_last_pkt_time":1667866752550878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":234,"midstream":0,"thread_ts_usec":1667866752550878,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":90,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":38,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667867352498846,"flow_dst_last_pkt_time":1667867352503806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1667867352503806,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":1992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":18,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1667867952564843}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":94,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":40,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667867952571449,"flow_dst_last_pkt_time":1667867952576449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1667867952576449,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":2025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":19,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1667868552626724}
+00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":42,"flow_dst_packets_processed":42,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667868552631982,"flow_dst_last_pkt_time":1667868552644435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":273,"midstream":0,"thread_ts_usec":1667868552644435,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":2058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1667869152831749}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":102,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":44,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667869152836944,"flow_dst_last_pkt_time":1667869152841890,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":286,"midstream":0,"thread_ts_usec":1667869152841890,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":106,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":46,"flow_dst_packets_processed":46,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667869752718957,"flow_dst_last_pkt_time":1667869752723999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":460,"flow_dst_tot_l4_payload_len":299,"midstream":0,"thread_ts_usec":1667869752723999,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":2124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":22,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1667870352860295}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":110,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":48,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667870352865541,"flow_dst_last_pkt_time":1667870352870527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":312,"midstream":0,"thread_ts_usec":1667870352870527,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":113,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":2185,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":23,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1667870952861879}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":114,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":50,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667870952856962,"flow_dst_last_pkt_time":1667870952861879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":500,"flow_dst_tot_l4_payload_len":325,"midstream":0,"thread_ts_usec":1667870952861879,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":2190,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":24,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1667871552965002}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":52,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667871552970090,"flow_dst_last_pkt_time":1667871552974984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":338,"midstream":0,"thread_ts_usec":1667871552974984,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":2251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1667872152967383}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":54,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667872152962414,"flow_dst_last_pkt_time":1667872152967383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":351,"midstream":0,"thread_ts_usec":1667872152967383,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":2256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1667872753004113}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":126,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":56,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667872753009396,"flow_dst_last_pkt_time":1667872753014340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":364,"midstream":0,"thread_ts_usec":1667872753014340,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":126,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":126,"packets-processed":125,"total-skipped-flows":0,"total-l4-payload-len":2289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":27,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1667873353144571}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":130,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":58,"flow_dst_packets_processed":58,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667873353149829,"flow_dst_last_pkt_time":1667873353154817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":377,"midstream":0,"thread_ts_usec":1667873353154817,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":2350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1667873953146815}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":134,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":60,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667873953141847,"flow_dst_last_pkt_time":1667873953146815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":390,"midstream":0,"thread_ts_usec":1667873953146815,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":134,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":29,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_usec":1667874553276670}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":138,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":62,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667874553281783,"flow_dst_last_pkt_time":1667874553286698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":403,"midstream":0,"thread_ts_usec":1667874553286698,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":142,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":64,"flow_dst_packets_processed":64,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667875153244452,"flow_dst_last_pkt_time":1667875153249351,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":640,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1667875153249351,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":142,"packets-processed":141,"total-skipped-flows":0,"total-l4-payload-len":2421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":72,"global_ts_usec":1667875753342484}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":146,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":66,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667875753347778,"flow_dst_last_pkt_time":1667875753352702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":429,"midstream":0,"thread_ts_usec":1667875753352702,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":2454,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1667876353408264}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":68,"flow_dst_packets_processed":68,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667876353413449,"flow_dst_last_pkt_time":1667876353418444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":442,"midstream":0,"thread_ts_usec":1667876353418444,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":2487,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":33,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_usec":1667876953587033}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":154,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":70,"flow_dst_packets_processed":70,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667876953592257,"flow_dst_last_pkt_time":1667876953597228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":700,"flow_dst_tot_l4_payload_len":455,"midstream":0,"thread_ts_usec":1667876953597228,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":158,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":72,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667877553543097,"flow_dst_last_pkt_time":1667877553548159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":720,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1667877553548159,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":2553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":35,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1667878153569226}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":162,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":74,"flow_dst_packets_processed":74,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667878153574404,"flow_dst_last_pkt_time":1667878153579443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":740,"flow_dst_tot_l4_payload_len":481,"midstream":0,"thread_ts_usec":1667878153579443,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":162,"packets-processed":161,"total-skipped-flows":0,"total-l4-payload-len":2586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1667878753632528}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":166,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":76,"flow_dst_packets_processed":76,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667878753638134,"flow_dst_last_pkt_time":1667878753643091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":494,"midstream":0,"thread_ts_usec":1667878753643091,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":2619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1667879353636120}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":170,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":78,"flow_dst_packets_processed":78,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667879353641506,"flow_dst_last_pkt_time":1667879353646439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":507,"midstream":0,"thread_ts_usec":1667879353646439,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":2652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":38,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_usec":1667879953703352}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":174,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":80,"flow_dst_packets_processed":80,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667879953708739,"flow_dst_last_pkt_time":1667879953713725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":520,"midstream":0,"thread_ts_usec":1667879953713725,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":174,"packets-processed":173,"total-skipped-flows":0,"total-l4-payload-len":2685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":87,"global_ts_usec":1667880553876737}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":178,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":82,"flow_dst_packets_processed":82,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667880553881895,"flow_dst_last_pkt_time":1667880553886879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":533,"midstream":0,"thread_ts_usec":1667880553886879,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":182,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":84,"flow_dst_packets_processed":84,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667881153859790,"flow_dst_last_pkt_time":1667881153864831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":840,"flow_dst_tot_l4_payload_len":546,"midstream":0,"thread_ts_usec":1667881153864831,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":182,"packets-processed":181,"total-skipped-flows":0,"total-l4-payload-len":2751,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":41,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1667881753952134}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":186,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":86,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667881753957333,"flow_dst_last_pkt_time":1667881753962303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":860,"flow_dst_tot_l4_payload_len":559,"midstream":0,"thread_ts_usec":1667881753962303,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":190,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":88,"flow_dst_packets_processed":88,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667882353935191,"flow_dst_last_pkt_time":1667882353940184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1667882353940184,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":190,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":190,"packets-processed":189,"total-skipped-flows":0,"total-l4-payload-len":2817,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":93,"global_ts_usec":1667882954166449}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":194,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":90,"flow_dst_packets_processed":90,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667882954171570,"flow_dst_last_pkt_time":1667882954176520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":900,"flow_dst_tot_l4_payload_len":585,"midstream":0,"thread_ts_usec":1667882954176520,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":198,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":92,"flow_dst_packets_processed":92,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667883554074126,"flow_dst_last_pkt_time":1667883554079112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":920,"flow_dst_tot_l4_payload_len":598,"midstream":0,"thread_ts_usec":1667883554079112,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":198,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":2883,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_usec":1667884154200917}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":202,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":94,"flow_dst_packets_processed":94,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667884154206101,"flow_dst_last_pkt_time":1667884154211101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":611,"midstream":0,"thread_ts_usec":1667884154211101,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":206,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":96,"flow_dst_packets_processed":96,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667884754157900,"flow_dst_last_pkt_time":1667884754162909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":960,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1667884754162909,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":206,"packets-processed":205,"total-skipped-flows":0,"total-l4-payload-len":2949,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":99,"global_ts_usec":1667885354328064}
+00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":210,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":98,"flow_dst_packets_processed":98,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667885354333244,"flow_dst_last_pkt_time":1667885354338234,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":980,"flow_dst_tot_l4_payload_len":637,"midstream":0,"thread_ts_usec":1667885354338234,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":210,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":2982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_usec":1667885954340552}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":214,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667885954345790,"flow_dst_last_pkt_time":1667885954350789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":650,"midstream":0,"thread_ts_usec":1667885954350789,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":214,"packets-processed":213,"total-skipped-flows":0,"total-l4-payload-len":3015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":103,"global_ts_usec":1667886554547380}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":218,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":102,"flow_dst_packets_processed":102,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667886554552478,"flow_dst_last_pkt_time":1667886554557490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":663,"midstream":0,"thread_ts_usec":1667886554557490,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":222,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":104,"flow_dst_packets_processed":104,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667887154419061,"flow_dst_last_pkt_time":1667887154424032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1667887154424032,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":222,"packets-processed":221,"total-skipped-flows":0,"total-l4-payload-len":3081,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":51,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":106,"global_ts_usec":1667887754581847}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":226,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":106,"flow_dst_packets_processed":106,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667887754587099,"flow_dst_last_pkt_time":1667887754592084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":689,"midstream":0,"thread_ts_usec":1667887754592084,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":230,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":108,"flow_dst_packets_processed":108,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667888354542054,"flow_dst_last_pkt_time":1667888354546973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1080,"flow_dst_tot_l4_payload_len":702,"midstream":0,"thread_ts_usec":1667888354546973,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":230,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":230,"packets-processed":229,"total-skipped-flows":0,"total-l4-payload-len":3147,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":53,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_usec":1667888954680644}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":234,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":110,"flow_dst_packets_processed":110,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667888954685885,"flow_dst_last_pkt_time":1667888954690939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":715,"midstream":0,"thread_ts_usec":1667888954690939,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":234,"packets-processed":233,"total-skipped-flows":0,"total-l4-payload-len":3180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":111,"global_ts_usec":1667889554755560}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":238,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":112,"flow_dst_packets_processed":112,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667889554760836,"flow_dst_last_pkt_time":1667889554765828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1120,"flow_dst_tot_l4_payload_len":728,"midstream":0,"thread_ts_usec":1667889554765828,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":238,"packets-processed":237,"total-skipped-flows":0,"total-l4-payload-len":3213,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":113,"global_ts_usec":1667890154914103}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":242,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":114,"flow_dst_packets_processed":114,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667890154919389,"flow_dst_last_pkt_time":1667890154924380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1140,"flow_dst_tot_l4_payload_len":741,"midstream":0,"thread_ts_usec":1667890154924380,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":246,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":116,"flow_dst_packets_processed":116,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667890754878493,"flow_dst_last_pkt_time":1667890754883473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1160,"flow_dst_tot_l4_payload_len":754,"midstream":0,"thread_ts_usec":1667890754883473,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":246,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_usec":1667891355001091}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":250,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":118,"flow_dst_packets_processed":118,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667891355006788,"flow_dst_last_pkt_time":1667891355011838,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":767,"midstream":0,"thread_ts_usec":1667891355011838,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":254,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":120,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667891954956914,"flow_dst_last_pkt_time":1667891954961842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":780,"midstream":0,"thread_ts_usec":1667891954961842,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":254,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":3345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":59,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":119,"global_ts_usec":1667892555167346}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":258,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":122,"flow_dst_packets_processed":122,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667892555172533,"flow_dst_last_pkt_time":1667892555177496,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1220,"flow_dst_tot_l4_payload_len":793,"midstream":0,"thread_ts_usec":1667892555177496,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":262,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":124,"flow_dst_packets_processed":124,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667893155127871,"flow_dst_last_pkt_time":1667893155132919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":806,"midstream":0,"thread_ts_usec":1667893155132919,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":262,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":3411,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":61,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":122,"global_ts_usec":1667893755260179}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":266,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":126,"flow_dst_packets_processed":126,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667893755265342,"flow_dst_last_pkt_time":1667893755270276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":819,"midstream":0,"thread_ts_usec":1667893755270276,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":3444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":62,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":124,"global_ts_usec":1667894355302105}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":270,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":128,"flow_dst_packets_processed":128,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667894355307414,"flow_dst_last_pkt_time":1667894355312359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":832,"midstream":0,"thread_ts_usec":1667894355312359,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":270,"packets-processed":269,"total-skipped-flows":0,"total-l4-payload-len":3477,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":63,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1667894955409230}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":274,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":130,"flow_dst_packets_processed":130,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667894955414396,"flow_dst_last_pkt_time":1667894955419371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":845,"midstream":0,"thread_ts_usec":1667894955419371,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":278,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":132,"flow_dst_packets_processed":132,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667895555356769,"flow_dst_last_pkt_time":1667895555361872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1320,"flow_dst_tot_l4_payload_len":858,"midstream":0,"thread_ts_usec":1667895555361872,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":278,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":3543,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":65,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":129,"global_ts_usec":1667896155512008}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":134,"flow_dst_packets_processed":134,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667896155517256,"flow_dst_last_pkt_time":1667896155522215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1340,"flow_dst_tot_l4_payload_len":871,"midstream":0,"thread_ts_usec":1667896155522215,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":286,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":136,"flow_dst_packets_processed":136,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667896755496441,"flow_dst_last_pkt_time":1667896755501407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":884,"midstream":0,"thread_ts_usec":1667896755501407,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":286,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":3609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":67,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1667897355721055}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":290,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":138,"flow_dst_packets_processed":138,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667897355726163,"flow_dst_last_pkt_time":1667897355731141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1380,"flow_dst_tot_l4_payload_len":897,"midstream":0,"thread_ts_usec":1667897355731141,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":140,"flow_dst_packets_processed":140,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667897955693161,"flow_dst_last_pkt_time":1667897955698197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":910,"midstream":0,"thread_ts_usec":1667897955698197,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":294,"packets-processed":293,"total-skipped-flows":0,"total-l4-payload-len":3675,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":69,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":135,"global_ts_usec":1667898555812144}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":142,"flow_dst_packets_processed":142,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667898555817351,"flow_dst_last_pkt_time":1667898555822315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1420,"flow_dst_tot_l4_payload_len":923,"midstream":0,"thread_ts_usec":1667898555822315,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":302,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":144,"flow_dst_packets_processed":144,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667899155761861,"flow_dst_last_pkt_time":1667899155766839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":936,"midstream":0,"thread_ts_usec":1667899155766839,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":302,"packets-processed":301,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":71,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":138,"global_ts_usec":1667899755907084}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":306,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":146,"flow_dst_packets_processed":146,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667899755912613,"flow_dst_last_pkt_time":1667899755917554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":949,"midstream":0,"thread_ts_usec":1667899755917554,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":310,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":148,"flow_dst_packets_processed":148,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667900355876128,"flow_dst_last_pkt_time":1667900355881101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":962,"midstream":0,"thread_ts_usec":1667900355881101,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":310,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":310,"packets-processed":309,"total-skipped-flows":0,"total-l4-payload-len":3807,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":73,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":141,"global_ts_usec":1667900956028384}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":150,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667900956033514,"flow_dst_last_pkt_time":1667900956038487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1500,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1667900956038487,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":318,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":152,"flow_dst_packets_processed":152,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667901555988133,"flow_dst_last_pkt_time":1667901555993121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1520,"flow_dst_tot_l4_payload_len":988,"midstream":0,"thread_ts_usec":1667901555993121,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":318,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":3873,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":75,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":144,"global_ts_usec":1667902156041748}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":322,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":154,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667902156047066,"flow_dst_last_pkt_time":1667902156052018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1540,"flow_dst_tot_l4_payload_len":1001,"midstream":0,"thread_ts_usec":1667902156052018,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":322,"packets-processed":321,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":76,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1667902756106952}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":326,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":156,"flow_dst_packets_processed":156,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667902756112485,"flow_dst_last_pkt_time":1667902756117482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1560,"flow_dst_tot_l4_payload_len":1014,"midstream":0,"thread_ts_usec":1667902756117482,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":326,"packets-processed":325,"total-skipped-flows":0,"total-l4-payload-len":3939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":77,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_usec":1667903356166082}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":158,"flow_dst_packets_processed":158,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667903356171219,"flow_dst_last_pkt_time":1667903356176150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1580,"flow_dst_tot_l4_payload_len":1027,"midstream":0,"thread_ts_usec":1667903356176150,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":330,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":330,"packets-processed":329,"total-skipped-flows":0,"total-l4-payload-len":3972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":150,"global_ts_usec":1667903956205391}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":334,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":160,"flow_dst_packets_processed":160,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667903956210625,"flow_dst_last_pkt_time":1667903956215536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":1667903956215536,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":334,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":4005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":152,"global_ts_usec":1667904556255353}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":338,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":162,"flow_dst_packets_processed":162,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667904556260623,"flow_dst_last_pkt_time":1667904556265561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1620,"flow_dst_tot_l4_payload_len":1053,"midstream":0,"thread_ts_usec":1667904556265561,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":338,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":4038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":80,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":154,"global_ts_usec":1667905156369162}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":342,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":164,"flow_dst_packets_processed":164,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667905156374273,"flow_dst_last_pkt_time":1667905156379254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1640,"flow_dst_tot_l4_payload_len":1066,"midstream":0,"thread_ts_usec":1667905156379254,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":346,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":166,"flow_dst_packets_processed":166,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667905756313488,"flow_dst_last_pkt_time":1667905756318378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1660,"flow_dst_tot_l4_payload_len":1079,"midstream":0,"thread_ts_usec":1667905756318378,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":346,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":346,"packets-processed":345,"total-skipped-flows":0,"total-l4-payload-len":4104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":157,"global_ts_usec":1667906356457980}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":350,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":168,"flow_dst_packets_processed":168,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667906356463124,"flow_dst_last_pkt_time":1667906356468031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1680,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1667906356468031,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":354,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":170,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667906956410643,"flow_dst_last_pkt_time":1667906956415568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1700,"flow_dst_tot_l4_payload_len":1105,"midstream":0,"thread_ts_usec":1667906956415568,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":354,"packets-processed":353,"total-skipped-flows":0,"total-l4-payload-len":4170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":84,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":160,"global_ts_usec":1667907556513484}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":358,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":172,"flow_dst_packets_processed":172,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667907556518677,"flow_dst_last_pkt_time":1667907556523620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1720,"flow_dst_tot_l4_payload_len":1118,"midstream":0,"thread_ts_usec":1667907556523620,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":361,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":361,"packets-processed":360,"total-skipped-flows":0,"total-l4-payload-len":4231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":162,"global_ts_usec":1667908156515424}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":362,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":174,"flow_dst_packets_processed":174,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667908156510528,"flow_dst_last_pkt_time":1667908156515424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":1131,"midstream":0,"thread_ts_usec":1667908156515424,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":362,"packets-processed":361,"total-skipped-flows":0,"total-l4-payload-len":4236,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":86,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1667908756689314}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":176,"flow_dst_packets_processed":176,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667908756694403,"flow_dst_last_pkt_time":1667908756699292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":1144,"midstream":0,"thread_ts_usec":1667908756699292,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":178,"flow_dst_packets_processed":178,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667909356671590,"flow_dst_last_pkt_time":1667909356676397,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1780,"flow_dst_tot_l4_payload_len":1157,"midstream":0,"thread_ts_usec":1667909356676397,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":370,"packets-processed":369,"total-skipped-flows":0,"total-l4-payload-len":4302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":167,"global_ts_usec":1667909956810650}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":374,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":180,"flow_dst_packets_processed":180,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667909956815838,"flow_dst_last_pkt_time":1667909956820716,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1800,"flow_dst_tot_l4_payload_len":1170,"midstream":0,"thread_ts_usec":1667909956820716,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":378,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":182,"flow_dst_packets_processed":182,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667910556765092,"flow_dst_last_pkt_time":1667910556769939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1820,"flow_dst_tot_l4_payload_len":1183,"midstream":0,"thread_ts_usec":1667910556769939,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":378,"packets-processed":377,"total-skipped-flows":0,"total-l4-payload-len":4368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":90,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":170,"global_ts_usec":1667911156952838}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":382,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":184,"flow_dst_packets_processed":184,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667911156957940,"flow_dst_last_pkt_time":1667911156962766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1840,"flow_dst_tot_l4_payload_len":1196,"midstream":0,"thread_ts_usec":1667911156962766,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":386,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":186,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667911756928410,"flow_dst_last_pkt_time":1667911756933311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1860,"flow_dst_tot_l4_payload_len":1209,"midstream":0,"thread_ts_usec":1667911756933311,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":386,"packets-processed":385,"total-skipped-flows":0,"total-l4-payload-len":4434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":173,"global_ts_usec":1667912357066553}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":390,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":188,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667912357071592,"flow_dst_last_pkt_time":1667912357076394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1880,"flow_dst_tot_l4_payload_len":1222,"midstream":0,"thread_ts_usec":1667912357076394,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":390,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":390,"packets-processed":389,"total-skipped-flows":0,"total-l4-payload-len":4467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":175,"global_ts_usec":1667912957180917}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":394,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":190,"flow_dst_packets_processed":190,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667912957187835,"flow_dst_last_pkt_time":1667912957193306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1900,"flow_dst_tot_l4_payload_len":1235,"midstream":0,"thread_ts_usec":1667912957193306,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":398,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":192,"flow_dst_packets_processed":192,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667913557149355,"flow_dst_last_pkt_time":1667913557154138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1920,"flow_dst_tot_l4_payload_len":1248,"midstream":0,"thread_ts_usec":1667913557154138,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":398,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":398,"packets-processed":397,"total-skipped-flows":0,"total-l4-payload-len":4533,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":95,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":178,"global_ts_usec":1667914157284622}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":402,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":194,"flow_dst_packets_processed":194,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667914157289594,"flow_dst_last_pkt_time":1667914157294449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1940,"flow_dst_tot_l4_payload_len":1261,"midstream":0,"thread_ts_usec":1667914157294449,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":402,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":402,"packets-processed":401,"total-skipped-flows":0,"total-l4-payload-len":4566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":96,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":180,"global_ts_usec":1667914757354818}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":406,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":196,"flow_dst_packets_processed":196,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667914757360081,"flow_dst_last_pkt_time":1667914757364918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1960,"flow_dst_tot_l4_payload_len":1274,"midstream":0,"thread_ts_usec":1667914757364918,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":406,"packets-processed":405,"total-skipped-flows":0,"total-l4-payload-len":4599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":182,"global_ts_usec":1667915357412080}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":410,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":198,"flow_dst_packets_processed":198,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667915357417116,"flow_dst_last_pkt_time":1667915357421996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1287,"midstream":0,"thread_ts_usec":1667915357421996,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":410,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":4632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":98,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":184,"global_ts_usec":1667915957427289}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":414,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":200,"flow_dst_packets_processed":200,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667915957432416,"flow_dst_last_pkt_time":1667915957437254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2000,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1667915957437254,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":4665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":186,"global_ts_usec":1667916557456657}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":418,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":202,"flow_dst_packets_processed":202,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667916557461709,"flow_dst_last_pkt_time":1667916557466499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2020,"flow_dst_tot_l4_payload_len":1313,"midstream":0,"thread_ts_usec":1667916557466499,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":422,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":204,"flow_dst_packets_processed":204,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667917157423210,"flow_dst_last_pkt_time":1667917157428021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2040,"flow_dst_tot_l4_payload_len":1326,"midstream":0,"thread_ts_usec":1667917157428021,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":422,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":4731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":101,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":189,"global_ts_usec":1667917757547203}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":426,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":206,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667917757552293,"flow_dst_last_pkt_time":1667917757557136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2060,"flow_dst_tot_l4_payload_len":1339,"midstream":0,"thread_ts_usec":1667917757557136,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":426,"packets-processed":425,"total-skipped-flows":0,"total-l4-payload-len":4764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":102,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":191,"global_ts_usec":1667918357617085}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":430,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":208,"flow_dst_packets_processed":208,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667918357622166,"flow_dst_last_pkt_time":1667918357626995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2080,"flow_dst_tot_l4_payload_len":1352,"midstream":0,"thread_ts_usec":1667918357626995,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":430,"packets-processed":429,"total-skipped-flows":0,"total-l4-payload-len":4797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1667918957773708}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":434,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":210,"flow_dst_packets_processed":210,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667918957778810,"flow_dst_last_pkt_time":1667918957783659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":1365,"midstream":0,"thread_ts_usec":1667918957783659,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":438,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":212,"flow_dst_packets_processed":212,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667919557747659,"flow_dst_last_pkt_time":1667919557752579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2120,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1667919557752579,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":438,"packets-processed":437,"total-skipped-flows":0,"total-l4-payload-len":4863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":105,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1667920157885500}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":442,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":214,"flow_dst_packets_processed":214,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667920157890541,"flow_dst_last_pkt_time":1667920157895403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2140,"flow_dst_tot_l4_payload_len":1391,"midstream":0,"thread_ts_usec":1667920157895403,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":446,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":216,"flow_dst_packets_processed":216,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667920757821189,"flow_dst_last_pkt_time":1667920757826024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2160,"flow_dst_tot_l4_payload_len":1404,"midstream":0,"thread_ts_usec":1667920757826024,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":446,"packets-processed":445,"total-skipped-flows":0,"total-l4-payload-len":4929,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":107,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":199,"global_ts_usec":1667921357934789}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":218,"flow_dst_packets_processed":218,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667921357939819,"flow_dst_last_pkt_time":1667921357944657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2180,"flow_dst_tot_l4_payload_len":1417,"midstream":0,"thread_ts_usec":1667921357944657,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":4962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":108,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":201,"global_ts_usec":1667921957936046}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":454,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":220,"flow_dst_packets_processed":220,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667921957941247,"flow_dst_last_pkt_time":1667921957946139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2200,"flow_dst_tot_l4_payload_len":1430,"midstream":0,"thread_ts_usec":1667921957946139,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":454,"packets-processed":453,"total-skipped-flows":0,"total-l4-payload-len":4995,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":109,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1667922558027247}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":222,"flow_dst_packets_processed":222,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667922558032278,"flow_dst_last_pkt_time":1667922558037152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2220,"flow_dst_tot_l4_payload_len":1443,"midstream":0,"thread_ts_usec":1667922558037152,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":462,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":224,"flow_dst_packets_processed":224,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667923157994247,"flow_dst_last_pkt_time":1667923157999099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2240,"flow_dst_tot_l4_payload_len":1456,"midstream":0,"thread_ts_usec":1667923157999099,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":462,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":462,"packets-processed":461,"total-skipped-flows":0,"total-l4-payload-len":5061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":111,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":206,"global_ts_usec":1667923758140912}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":466,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":226,"flow_dst_packets_processed":226,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667923758145987,"flow_dst_last_pkt_time":1667923758150812,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2260,"flow_dst_tot_l4_payload_len":1469,"midstream":0,"thread_ts_usec":1667923758150812,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":466,"packets-processed":465,"total-skipped-flows":0,"total-l4-payload-len":5094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":112,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1667924358195146}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":470,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":228,"flow_dst_packets_processed":228,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667924358200510,"flow_dst_last_pkt_time":1667924358205436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2280,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1667924358205436,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":470,"packets-processed":469,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":113,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":210,"global_ts_usec":1667924958336024}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":474,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":230,"flow_dst_packets_processed":230,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667924958341359,"flow_dst_last_pkt_time":1667924958346268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2300,"flow_dst_tot_l4_payload_len":1495,"midstream":0,"thread_ts_usec":1667924958346268,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":478,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":232,"flow_dst_packets_processed":232,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667925558331107,"flow_dst_last_pkt_time":1667925558336001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2320,"flow_dst_tot_l4_payload_len":1508,"midstream":0,"thread_ts_usec":1667925558336001,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":478,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":5193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":115,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":213,"global_ts_usec":1667926158477541}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":234,"flow_dst_packets_processed":234,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667926158482640,"flow_dst_last_pkt_time":1667926158487504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":1521,"midstream":0,"thread_ts_usec":1667926158487504,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":486,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":236,"flow_dst_packets_processed":236,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667926758424196,"flow_dst_last_pkt_time":1667926758429128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2360,"flow_dst_tot_l4_payload_len":1534,"midstream":0,"thread_ts_usec":1667926758429128,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":486,"packets-processed":485,"total-skipped-flows":0,"total-l4-payload-len":5259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":117,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":216,"global_ts_usec":1667927358576852}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":238,"flow_dst_packets_processed":238,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667927358582077,"flow_dst_last_pkt_time":1667927358587005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2380,"flow_dst_tot_l4_payload_len":1547,"midstream":0,"thread_ts_usec":1667927358587005,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":494,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":240,"flow_dst_packets_processed":240,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667927958536913,"flow_dst_last_pkt_time":1667927958541805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2400,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":1667927958541805,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":494,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":494,"packets-processed":493,"total-skipped-flows":0,"total-l4-payload-len":5325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1667928558676547}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":498,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":242,"flow_dst_packets_processed":242,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667928558681642,"flow_dst_last_pkt_time":1667928558686523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2420,"flow_dst_tot_l4_payload_len":1573,"midstream":0,"thread_ts_usec":1667928558686523,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":502,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":244,"flow_dst_packets_processed":244,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667929158637190,"flow_dst_last_pkt_time":1667929158642079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2440,"flow_dst_tot_l4_payload_len":1586,"midstream":0,"thread_ts_usec":1667929158642079,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":502,"packets-processed":501,"total-skipped-flows":0,"total-l4-payload-len":5391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":121,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":222,"global_ts_usec":1667929758769940}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":506,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":246,"flow_dst_packets_processed":246,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667929758775023,"flow_dst_last_pkt_time":1667929758779865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2460,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1667929758779865,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":510,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":248,"flow_dst_packets_processed":248,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667930358755038,"flow_dst_last_pkt_time":1667930358759853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":1612,"midstream":0,"thread_ts_usec":1667930358759853,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":510,"packets-processed":509,"total-skipped-flows":0,"total-l4-payload-len":5457,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":225,"global_ts_usec":1667930958886671}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":514,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":250,"flow_dst_packets_processed":250,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667930958891808,"flow_dst_last_pkt_time":1667930958896692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1625,"midstream":0,"thread_ts_usec":1667930958896692,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":518,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":252,"flow_dst_packets_processed":252,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667931558871110,"flow_dst_last_pkt_time":1667931558875920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2520,"flow_dst_tot_l4_payload_len":1638,"midstream":0,"thread_ts_usec":1667931558875920,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":518,"packets-processed":517,"total-skipped-flows":0,"total-l4-payload-len":5523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":125,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":228,"global_ts_usec":1667932159023314}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":522,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":254,"flow_dst_packets_processed":254,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667932159028303,"flow_dst_last_pkt_time":1667932159033132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2540,"flow_dst_tot_l4_payload_len":1651,"midstream":0,"thread_ts_usec":1667932159033132,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":522,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":522,"packets-processed":521,"total-skipped-flows":0,"total-l4-payload-len":5556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":126,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":230,"global_ts_usec":1667932759077722}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":526,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":256,"flow_dst_packets_processed":256,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667932759082733,"flow_dst_last_pkt_time":1667932759087559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2560,"flow_dst_tot_l4_payload_len":1664,"midstream":0,"thread_ts_usec":1667932759087559,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":530,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":258,"flow_dst_packets_processed":258,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667933358966393,"flow_dst_last_pkt_time":1667933358971321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2580,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1667933358971321,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":530,"packets-processed":529,"total-skipped-flows":0,"total-l4-payload-len":5622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":128,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":233,"global_ts_usec":1667933959089706}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":534,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":260,"flow_dst_packets_processed":260,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667933959094917,"flow_dst_last_pkt_time":1667933959099748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2600,"flow_dst_tot_l4_payload_len":1690,"midstream":0,"thread_ts_usec":1667933959099748,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":534,"packets-processed":533,"total-skipped-flows":0,"total-l4-payload-len":5655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":129,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":235,"global_ts_usec":1667934559114048}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":538,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":262,"flow_dst_packets_processed":262,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667934559119423,"flow_dst_last_pkt_time":1667934559124245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2620,"flow_dst_tot_l4_payload_len":1703,"midstream":0,"thread_ts_usec":1667934559124245,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":538,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":538,"packets-processed":537,"total-skipped-flows":0,"total-l4-payload-len":5688,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":130,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":237,"global_ts_usec":1667935159188577}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":542,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":264,"flow_dst_packets_processed":264,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667935159193608,"flow_dst_last_pkt_time":1667935159198401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2640,"flow_dst_tot_l4_payload_len":1716,"midstream":0,"thread_ts_usec":1667935159198401,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":546,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":266,"flow_dst_packets_processed":266,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667935759106386,"flow_dst_last_pkt_time":1667935759111237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2660,"flow_dst_tot_l4_payload_len":1729,"midstream":0,"thread_ts_usec":1667935759111237,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":546,"packets-processed":545,"total-skipped-flows":0,"total-l4-payload-len":5754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":132,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":240,"global_ts_usec":1667936359250805}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":550,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":268,"flow_dst_packets_processed":268,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667936359255952,"flow_dst_last_pkt_time":1667936359260802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2680,"flow_dst_tot_l4_payload_len":1742,"midstream":0,"thread_ts_usec":1667936359260802,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":550,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":550,"packets-processed":549,"total-skipped-flows":0,"total-l4-payload-len":5787,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":133,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":242,"global_ts_usec":1667936959271744}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":554,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":270,"flow_dst_packets_processed":270,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667936959276903,"flow_dst_last_pkt_time":1667936959281745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":1755,"midstream":0,"thread_ts_usec":1667936959281745,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":554,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":554,"packets-processed":553,"total-skipped-flows":0,"total-l4-payload-len":5820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":134,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":244,"global_ts_usec":1667937559422166}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":558,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":272,"flow_dst_packets_processed":272,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667937559427332,"flow_dst_last_pkt_time":1667937559432171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":1768,"midstream":0,"thread_ts_usec":1667937559432171,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":562,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":274,"flow_dst_packets_processed":274,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667938159333625,"flow_dst_last_pkt_time":1667938159338503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2740,"flow_dst_tot_l4_payload_len":1781,"midstream":0,"thread_ts_usec":1667938159338503,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":562,"packets-processed":561,"total-skipped-flows":0,"total-l4-payload-len":5886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":136,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":247,"global_ts_usec":1667938759434538}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":566,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":276,"flow_dst_packets_processed":276,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667938759439542,"flow_dst_last_pkt_time":1667938759444375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2760,"flow_dst_tot_l4_payload_len":1794,"midstream":0,"thread_ts_usec":1667938759444375,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":570,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":278,"flow_dst_packets_processed":278,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667939359421713,"flow_dst_last_pkt_time":1667939359426519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2780,"flow_dst_tot_l4_payload_len":1807,"midstream":0,"thread_ts_usec":1667939359426519,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":570,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":5952,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":138,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":250,"global_ts_usec":1667939959475875}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":280,"flow_dst_packets_processed":280,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667939959480953,"flow_dst_last_pkt_time":1667939959485802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2800,"flow_dst_tot_l4_payload_len":1820,"midstream":0,"thread_ts_usec":1667939959485802,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":574,"packets-processed":573,"total-skipped-flows":0,"total-l4-payload-len":5985,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":139,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1667940559505023}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":578,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":282,"flow_dst_packets_processed":282,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667940559510206,"flow_dst_last_pkt_time":1667940559515036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2820,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1667940559515036,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":578,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":578,"packets-processed":577,"total-skipped-flows":0,"total-l4-payload-len":6018,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":140,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":254,"global_ts_usec":1667941159559112}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":284,"flow_dst_packets_processed":284,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667941159564239,"flow_dst_last_pkt_time":1667941159569033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2840,"flow_dst_tot_l4_payload_len":1846,"midstream":0,"thread_ts_usec":1667941159569033,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":582,"packets-processed":581,"total-skipped-flows":0,"total-l4-payload-len":6051,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":141,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":256,"global_ts_usec":1667941759635973}
+00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":586,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":286,"flow_dst_packets_processed":286,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667941759641101,"flow_dst_last_pkt_time":1667941759645959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2860,"flow_dst_tot_l4_payload_len":1859,"midstream":0,"thread_ts_usec":1667941759645959,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":586,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":6084,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":258,"global_ts_usec":1667942359803826}
+00950{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":288,"flow_dst_packets_processed":288,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667942359808855,"flow_dst_last_pkt_time":1667942359813747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2880,"flow_dst_tot_l4_payload_len":1872,"midstream":0,"thread_ts_usec":1667942359813747,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
+00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":589,"packets-processed":589,"total-skipped-flows":0,"total-l4-payload-len":6117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":260,"global_ts_usec":1667942359813747}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 13/13
+~~ packets captured/processed: 589/589
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 1365 bytes
-~~ total detected protocols..: 1
-~~ total active/idle flows...: 1/1
+~~ total layer4 data length..: 6117 bytes
+~~ total detected protocols..: 2
+~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412123 bytes
-~~ total memory freed........: 6412123 bytes
-~~ total allocations/frees...: 122449/122449
+~~ total memory allocated....: 6435540 bytes
+~~ total memory freed........: 6435540 bytes
+~~ total allocations/frees...: 123046/123046
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json string min len.......: 495 chars
-~~ json string max len.......: 939 chars
-~~ json string avg len.......: 710 chars
+~~ json string min len.......: 486 chars
+~~ json string max len.......: 2207 chars
+~~ json string avg len.......: 1346 chars
diff --git a/test/results/teamviewer.pcap.out b/test/results/teamviewer.pcap.out
index b51a6a7bd..15d825e51 100644
--- a/test/results/teamviewer.pcap.out
+++ b/test/results/teamviewer.pcap.out
@@ -29,9 +29,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6451205 bytes
-~~ total memory freed........: 6451205 bytes
-~~ total allocations/frees...: 123746/123746
+~~ total memory allocated....: 6456118 bytes
+~~ total memory freed........: 6456118 bytes
+~~ total allocations/frees...: 123756/123756
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 475 chars
 ~~ json string max len.......: 2368 chars
diff --git a/test/results/telegram.pcap.out b/test/results/telegram.pcap.out
index 57e0082f5..0ae399331 100644
--- a/test/results/telegram.pcap.out
+++ b/test/results/telegram.pcap.out
@@ -149,7 +149,7 @@
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1588779619914905,"flow_dst_last_pkt_time":1588779619914905,"flow_idle_time":200000000,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1588779619914905,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHqTUAAEARTdLAqAFNwKgBAbgXADUAM25TALgBAAABAAAAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAQ=="}
 01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779619914905,"flow_src_last_pkt_time":1588779619914905,"flow_dst_last_pkt_time":1588779619914905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779619914905,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.googletagservices.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1588779619914905,"flow_dst_last_pkt_time":1588779619916408,"flow_idle_time":200000000,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1588779619916408,"pkt":"KDc3AG3IAICPmq69CABFAABXwqhAAEAR9E7AqAEBwKgBTQA1uBcAQ5UvALiBgAABAAEAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAcAMAAEAAQAAAAAABMCoAZ0="}
-01208{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1588779619914905,"flow_src_last_pkt_time":1588779619914905,"flow_dst_last_pkt_time":1588779619916408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1588779619916408,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.googletagservices.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}}
+01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1588779619914905,"flow_src_last_pkt_time":1588779619914905,"flow_dst_last_pkt_time":1588779619916408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1588779619916408,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.googletagservices.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}}
 02017{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":435,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1588779617174153,"flow_src_last_pkt_time":1588779621221417,"flow_dst_last_pkt_time":1588779621214760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":2016,"flow_dst_tot_l4_payload_len":3216,"midstream":0,"thread_ts_usec":1588779621221417,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":42308,"avg":260899.1,"max":1998754,"stddev":472680.0,"var":223426379776.0,"ent":3.6,"data": [176557,505731,492773,1175336,327643,331901,1681273,64229,63452,64312,42308,63943,1998754,63768,58341,64131,69558,64360,57812,43094,58078,62201,58103,63786,58195,64166,58195,62003,69553,66619,57696]},"pktlen": {"min":76,"avg":191.5,"max":268,"stddev":54.5,"var":2971.8,"ent":4.9,"data": [108,108,108,76,92,76,92,220,252,268,252,252,236,204,220,220,220,204,188,220,204,204,204,220,204,204,204,204,220,204,220,220]},"bins": {"c_to_s": [0,1,2,0,0,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,3,0,0,5,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,0,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [6.355636597,6.144942760,6.288552284,5.822080135,6.003186226,5.769448280,5.982532501,6.929369450,7.114085197,7.222516537,7.114981174,7.110270023,7.085702419,6.970178127,6.995306969,7.109033108,6.973239422,6.927752018,6.818934441,7.038531780,6.999271870,7.012288094,6.925349712,6.947623730,6.895937443,6.919244766,6.867631435,6.885515690,7.022007465,6.852213383,7.018121719,7.103372574]}}
 00857{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":435,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1588779617174153,"flow_src_last_pkt_time":1588779621221417,"flow_dst_last_pkt_time":1588779621214760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":2016,"flow_dst_tot_l4_payload_len":3216,"midstream":0,"thread_ts_usec":1588779621221417,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779625981468,"flow_src_last_pkt_time":1588779625981468,"flow_dst_last_pkt_time":1588779625981468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779625981468,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -172,7 +172,7 @@
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1588779629044577,"flow_dst_last_pkt_time":1588779629044577,"flow_idle_time":200000000,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1588779629044577,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6m54AAEARW3bAqAFNwKgBARa0ADUAJpvbsPwBAAABAAAAAAAABXBpeGVsAndwA2NvbQAAAQAB"}
 01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779629044577,"flow_src_last_pkt_time":1588779629044577,"flow_dst_last_pkt_time":1588779629044577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779629044577,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pixel.wp.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1588779629044577,"flow_dst_last_pkt_time":1588779629045803,"flow_idle_time":200000000,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1588779629045803,"pkt":"KDc3AG3IAICPmq69CABFAABKxbFAAEAR8VLAqAEBwKgBTQA1FrQANpjhsPyBgAABAAEAAAAABXBpeGVsAndwA2NvbQAAAQABwAwAAQABAAAAAAAEwKgBnQ=="}
-01175{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1588779629044577,"flow_src_last_pkt_time":1588779629044577,"flow_dst_last_pkt_time":1588779629045803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1588779629045803,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pixel.wp.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}}
+01048{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1588779629044577,"flow_src_last_pkt_time":1588779629044577,"flow_dst_last_pkt_time":1588779629045803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1588779629045803,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pixel.wp.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}}
 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779629079368,"flow_src_last_pkt_time":1588779629079368,"flow_dst_last_pkt_time":1588779629079368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779629079368,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1588779629079368,"flow_dst_last_pkt_time":1588779629079368,"flow_idle_time":200000000,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1588779629079368,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFpC4AAP8Rk9rAqAFNwKgBAdVDADUAMZzqakQBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
 01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779629079368,"flow_src_last_pkt_time":1588779629079368,"flow_dst_last_pkt_time":1588779629079368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779629079368,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"b._dns-sd._udp.ntop.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -287,7 +287,7 @@
 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1588779650842643,"flow_dst_last_pkt_time":1588779596465053,"flow_idle_time":200000000,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_usec":1588779650842643,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTivJAAAERSr\/AqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="}
 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1588779652844858,"flow_dst_last_pkt_time":1588779648840484,"flow_idle_time":200000000,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1588779652844858,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACajVgAAAEReiPAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1588779654853807,"flow_dst_last_pkt_time":1588779648840484,"flow_idle_time":200000000,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1588779654853807,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACa7R8AAAERGlzAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1588779629044577,"flow_src_last_pkt_time":1588779629044577,"flow_dst_last_pkt_time":1588779629045803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1588779629044577,"flow_src_last_pkt_time":1588779629044577,"flow_dst_last_pkt_time":1588779629045803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1588779615019709,"flow_src_last_pkt_time":1588779615019709,"flow_dst_last_pkt_time":1588779615032983,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779625981468,"flow_src_last_pkt_time":1588779625981468,"flow_dst_last_pkt_time":1588779625981468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1588779596451825,"flow_src_last_pkt_time":1588779651446598,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -298,7 +298,7 @@
 00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":11,"flow_first_seen":1588779616036797,"flow_src_last_pkt_time":1588779618676887,"flow_dst_last_pkt_time":1588779618946350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":624,"flow_dst_tot_l4_payload_len":832,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1588779616036955,"flow_src_last_pkt_time":1588779618677054,"flow_dst_last_pkt_time":1588779619007321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":832,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1588779616036876,"flow_src_last_pkt_time":1588779618676959,"flow_dst_last_pkt_time":1588779618748857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":832,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1588779619914905,"flow_src_last_pkt_time":1588779619914905,"flow_dst_last_pkt_time":1588779619916408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1588779619914905,"flow_src_last_pkt_time":1588779619914905,"flow_dst_last_pkt_time":1588779619916408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00767{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779615962218,"flow_src_last_pkt_time":1588779615962218,"flow_dst_last_pkt_time":1588779615962218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1588779601223133,"flow_src_last_pkt_time":1588779632305662,"flow_dst_last_pkt_time":1588779601223133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1588779611355675,"flow_src_last_pkt_time":1588779611657864,"flow_dst_last_pkt_time":1588779611355675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -345,9 +345,9 @@
 ~~ total active/idle flows...: 48/48
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6541406 bytes
-~~ total memory freed........: 6541406 bytes
-~~ total allocations/frees...: 124505/124505
+~~ total memory allocated....: 6546687 bytes
+~~ total memory freed........: 6546687 bytes
+~~ total allocations/frees...: 124515/124515
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2316 chars
diff --git a/test/results/telnet.pcap.out b/test/results/telnet.pcap.out
index 412d6dab4..235785daf 100644
--- a/test/results/telnet.pcap.out
+++ b/test/results/telnet.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6416462 bytes
-~~ total memory freed........: 6416462 bytes
-~~ total allocations/frees...: 122529/122529
+~~ total memory allocated....: 6421367 bytes
+~~ total memory freed........: 6421367 bytes
+~~ total allocations/frees...: 122539/122539
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 1950 chars
diff --git a/test/results/teredo.pcap.out b/test/results/teredo.pcap.out
index d9a19c8d4..c9b74229a 100644
--- a/test/results/teredo.pcap.out
+++ b/test/results/teredo.pcap.out
@@ -39,9 +39,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6419642 bytes
-~~ total memory freed........: 6419642 bytes
-~~ total allocations/frees...: 122504/122504
+~~ total memory allocated....: 6424579 bytes
+~~ total memory freed........: 6424579 bytes
+~~ total allocations/frees...: 122514/122514
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 957 chars
diff --git a/test/results/tftp.pcap.out b/test/results/tftp.pcap.out
index 9ae76e4ee..f35fedf5c 100644
--- a/test/results/tftp.pcap.out
+++ b/test/results/tftp.pcap.out
@@ -47,9 +47,9 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6425767 bytes
-~~ total memory freed........: 6425767 bytes
-~~ total allocations/frees...: 122611/122611
+~~ total memory allocated....: 6430720 bytes
+~~ total memory freed........: 6430720 bytes
+~~ total allocations/frees...: 122621/122621
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 479 chars
 ~~ json string max len.......: 2158 chars
diff --git a/test/results/threema.pcap.out b/test/results/threema.pcap.out
index f856c67d7..a19b64ee9 100644
--- a/test/results/threema.pcap.out
+++ b/test/results/threema.pcap.out
@@ -60,9 +60,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6435441 bytes
-~~ total memory freed........: 6435441 bytes
-~~ total allocations/frees...: 122580/122580
+~~ total memory allocated....: 6440386 bytes
+~~ total memory freed........: 6440386 bytes
+~~ total allocations/frees...: 122590/122590
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 953 chars
diff --git a/test/results/tinc.pcap.out b/test/results/tinc.pcap.out
index 1ae5d2313..7dc44f272 100644
--- a/test/results/tinc.pcap.out
+++ b/test/results/tinc.pcap.out
@@ -43,9 +43,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6430663 bytes
-~~ total memory freed........: 6430663 bytes
-~~ total allocations/frees...: 122796/122796
+~~ total memory allocated....: 6435592 bytes
+~~ total memory freed........: 6435592 bytes
+~~ total allocations/frees...: 122806/122806
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2443 chars
diff --git a/test/results/tk.pcap.out b/test/results/tk.pcap.out
index a3abd3b5e..7b9cf1a9e 100644
--- a/test/results/tk.pcap.out
+++ b/test/results/tk.pcap.out
@@ -27,9 +27,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6415520 bytes
-~~ total memory freed........: 6415520 bytes
-~~ total allocations/frees...: 122464/122464
+~~ total memory allocated....: 6420441 bytes
+~~ total memory freed........: 6420441 bytes
+~~ total allocations/frees...: 122474/122474
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 487 chars
 ~~ json string max len.......: 1047 chars
diff --git a/test/results/tls-appdata.pcap.out b/test/results/tls-appdata.pcap.out
index 0d5791ef6..461266cf7 100644
--- a/test/results/tls-appdata.pcap.out
+++ b/test/results/tls-appdata.pcap.out
@@ -31,9 +31,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6457949 bytes
-~~ total memory freed........: 6457949 bytes
-~~ total allocations/frees...: 122574/122574
+~~ total memory allocated....: 6462862 bytes
+~~ total memory freed........: 6462862 bytes
+~~ total allocations/frees...: 122584/122584
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 4430 chars
diff --git a/test/results/tls-esni-fuzzed.pcap.out b/test/results/tls-esni-fuzzed.pcap.out
index 1d329a8f9..5da57a4b6 100644
--- a/test/results/tls-esni-fuzzed.pcap.out
+++ b/test/results/tls-esni-fuzzed.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422873 bytes
-~~ total memory freed........: 6422873 bytes
-~~ total allocations/frees...: 122472/122472
+~~ total memory allocated....: 6427794 bytes
+~~ total memory freed........: 6427794 bytes
+~~ total allocations/frees...: 122482/122482
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 1471 chars
diff --git a/test/results/tls-rdn-extract.pcap.out b/test/results/tls-rdn-extract.pcap.out
index 3c71d3ba1..4f613b421 100644
--- a/test/results/tls-rdn-extract.pcap.out
+++ b/test/results/tls-rdn-extract.pcap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6455721 bytes
-~~ total memory freed........: 6455721 bytes
-~~ total allocations/frees...: 122495/122495
+~~ total memory allocated....: 6460626 bytes
+~~ total memory freed........: 6460626 bytes
+~~ total allocations/frees...: 122505/122505
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 3578 chars
diff --git a/test/results/tls_2_reasms.pcapng.out b/test/results/tls_2_reasms.pcapng.out
index 7fc403ef4..b56795a94 100644
--- a/test/results/tls_2_reasms.pcapng.out
+++ b/test/results/tls_2_reasms.pcapng.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6416289 bytes
-~~ total memory freed........: 6416289 bytes
-~~ total allocations/frees...: 122454/122454
+~~ total memory allocated....: 6421194 bytes
+~~ total memory freed........: 6421194 bytes
+~~ total allocations/frees...: 122464/122464
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 499 chars
 ~~ json string max len.......: 2348 chars
diff --git a/test/results/tls_2_reasms_b.pcapng.out b/test/results/tls_2_reasms_b.pcapng.out
index 61c5cbc2b..06c535cf0 100644
--- a/test/results/tls_2_reasms_b.pcapng.out
+++ b/test/results/tls_2_reasms_b.pcapng.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6452711 bytes
-~~ total memory freed........: 6452711 bytes
-~~ total allocations/frees...: 122461/122461
+~~ total memory allocated....: 6457616 bytes
+~~ total memory freed........: 6457616 bytes
+~~ total allocations/frees...: 122471/122471
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 501 chars
 ~~ json string max len.......: 2355 chars
diff --git a/test/results/tls_alert.pcap.out b/test/results/tls_alert.pcap.out
index 005563d2e..6f1aa4a8f 100644
--- a/test/results/tls_alert.pcap.out
+++ b/test/results/tls_alert.pcap.out
@@ -26,9 +26,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6420264 bytes
-~~ total memory freed........: 6420264 bytes
-~~ total allocations/frees...: 122470/122470
+~~ total memory allocated....: 6425177 bytes
+~~ total memory freed........: 6425177 bytes
+~~ total allocations/frees...: 122480/122480
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 1299 chars
diff --git a/test/results/tls_certificate_too_long.pcap.out b/test/results/tls_certificate_too_long.pcap.out
index b7314fbdc..a6c8cc753 100644
--- a/test/results/tls_certificate_too_long.pcap.out
+++ b/test/results/tls_certificate_too_long.pcap.out
@@ -256,9 +256,9 @@
 ~~ total active/idle flows...: 35/35
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6601645 bytes
-~~ total memory freed........: 6601645 bytes
-~~ total allocations/frees...: 123262/123262
+~~ total memory allocated....: 6606822 bytes
+~~ total memory freed........: 6606822 bytes
+~~ total allocations/frees...: 123272/123272
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 499 chars
 ~~ json string max len.......: 2491 chars
diff --git a/test/results/tls_cipher_lens.pcap.out b/test/results/tls_cipher_lens.pcap.out
index a1989a040..949e84a08 100644
--- a/test/results/tls_cipher_lens.pcap.out
+++ b/test/results/tls_cipher_lens.pcap.out
@@ -29,9 +29,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6429361 bytes
-~~ total memory freed........: 6429361 bytes
-~~ total allocations/frees...: 122495/122495
+~~ total memory allocated....: 6434298 bytes
+~~ total memory freed........: 6434298 bytes
+~~ total allocations/frees...: 122505/122505
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 500 chars
 ~~ json string max len.......: 1217 chars
diff --git a/test/results/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/tls_client_certificate_with_missing_server_one.pcapng.out
index e6d32d9d4..4436becf9 100644
--- a/test/results/tls_client_certificate_with_missing_server_one.pcapng.out
+++ b/test/results/tls_client_certificate_with_missing_server_one.pcapng.out
@@ -26,9 +26,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6420244 bytes
-~~ total memory freed........: 6420244 bytes
-~~ total allocations/frees...: 122471/122471
+~~ total memory allocated....: 6425157 bytes
+~~ total memory freed........: 6425157 bytes
+~~ total allocations/frees...: 122481/122481
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 533 chars
 ~~ json string max len.......: 2507 chars
diff --git a/test/results/tls_esni_sni_both.pcap.out b/test/results/tls_esni_sni_both.pcap.out
index 6aee3f69e..581a84760 100644
--- a/test/results/tls_esni_sni_both.pcap.out
+++ b/test/results/tls_esni_sni_both.pcap.out
@@ -27,9 +27,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6437298 bytes
-~~ total memory freed........: 6437298 bytes
-~~ total allocations/frees...: 122501/122501
+~~ total memory allocated....: 6442211 bytes
+~~ total memory freed........: 6442211 bytes
+~~ total allocations/frees...: 122511/122511
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 502 chars
 ~~ json string max len.......: 1450 chars
diff --git a/test/results/tls_false_positives.pcapng.out b/test/results/tls_false_positives.pcapng.out
index 0cfaaa99e..4756d7847 100644
--- a/test/results/tls_false_positives.pcapng.out
+++ b/test/results/tls_false_positives.pcapng.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414664 bytes
-~~ total memory freed........: 6414664 bytes
-~~ total allocations/frees...: 122467/122467
+~~ total memory allocated....: 6419569 bytes
+~~ total memory freed........: 6419569 bytes
+~~ total allocations/frees...: 122477/122477
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 506 chars
 ~~ json string max len.......: 2381 chars
diff --git a/test/results/tls_invalid_reads.pcap.out b/test/results/tls_invalid_reads.pcap.out
index 3c9b280f9..73fca6914 100644
--- a/test/results/tls_invalid_reads.pcap.out
+++ b/test/results/tls_invalid_reads.pcap.out
@@ -31,9 +31,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6419957 bytes
-~~ total memory freed........: 6419957 bytes
-~~ total allocations/frees...: 122460/122460
+~~ total memory allocated....: 6424870 bytes
+~~ total memory freed........: 6424870 bytes
+~~ total allocations/frees...: 122470/122470
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 303 chars
 ~~ json string max len.......: 1199 chars
diff --git a/test/results/tls_long_cert.pcap.out b/test/results/tls_long_cert.pcap.out
index 74c22e627..4d5b249ff 100644
--- a/test/results/tls_long_cert.pcap.out
+++ b/test/results/tls_long_cert.pcap.out
@@ -20,9 +20,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6459913 bytes
-~~ total memory freed........: 6459913 bytes
-~~ total allocations/frees...: 122682/122682
+~~ total memory allocated....: 6464818 bytes
+~~ total memory freed........: 6464818 bytes
+~~ total allocations/frees...: 122692/122692
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2717 chars
diff --git a/test/results/tls_missing_ch_frag.pcap.out b/test/results/tls_missing_ch_frag.pcap.out
index 509139424..626ac3e60 100644
--- a/test/results/tls_missing_ch_frag.pcap.out
+++ b/test/results/tls_missing_ch_frag.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6423993 bytes
-~~ total memory freed........: 6423993 bytes
-~~ total allocations/frees...: 122454/122454
+~~ total memory allocated....: 6428898 bytes
+~~ total memory freed........: 6428898 bytes
+~~ total allocations/frees...: 122464/122464
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 504 chars
 ~~ json string max len.......: 2408 chars
diff --git a/test/results/tls_multiple_synack_different_seq.pcapng.out b/test/results/tls_multiple_synack_different_seq.pcapng.out
index 2cb06d184..c51ba962e 100644
--- a/test/results/tls_multiple_synack_different_seq.pcapng.out
+++ b/test/results/tls_multiple_synack_different_seq.pcapng.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6431804 bytes
-~~ total memory freed........: 6431804 bytes
-~~ total allocations/frees...: 122469/122469
+~~ total memory allocated....: 6436709 bytes
+~~ total memory freed........: 6436709 bytes
+~~ total allocations/frees...: 122479/122479
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 520 chars
 ~~ json string max len.......: 1992 chars
diff --git a/test/results/tls_port_80.pcapng.out b/test/results/tls_port_80.pcapng.out
index ea8b5cec7..e181e9594 100644
--- a/test/results/tls_port_80.pcapng.out
+++ b/test/results/tls_port_80.pcapng.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6416332 bytes
-~~ total memory freed........: 6416332 bytes
-~~ total allocations/frees...: 122456/122456
+~~ total memory allocated....: 6421237 bytes
+~~ total memory freed........: 6421237 bytes
+~~ total allocations/frees...: 122466/122466
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 1478 chars
diff --git a/test/results/tls_torrent.pcapng.out b/test/results/tls_torrent.pcapng.out
index 5abb3fef1..f1537927f 100644
--- a/test/results/tls_torrent.pcapng.out
+++ b/test/results/tls_torrent.pcapng.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6428531 bytes
-~~ total memory freed........: 6428531 bytes
-~~ total allocations/frees...: 122453/122453
+~~ total memory allocated....: 6433436 bytes
+~~ total memory freed........: 6433436 bytes
+~~ total allocations/frees...: 122463/122463
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2388 chars
diff --git a/test/results/tls_unidirectional.pcap.out b/test/results/tls_unidirectional.pcap.out
index 8e9c48809..217d28f62 100644
--- a/test/results/tls_unidirectional.pcap.out
+++ b/test/results/tls_unidirectional.pcap.out
@@ -3,11 +3,11 @@
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848567575,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053848567575,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639053848567575,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":3285032704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1639053848567575,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAAPBpQAAA0Bm8SjvobvAqMSBgUbDFuUzeA1SLoaN2gEv\/\/alkAAAIEBVAEAggK1TA3SQAvLkoBAwMI"}
 02329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":3285032704,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqFAAA0BmmhjvobvAqMSBgUbDFuUzeA1iLoaYSAEAEF8lAAAAEBCArVMDfpAC8u7BYDAwA\/AgAAOwMDYbH6GObXMcPZc0\/u\/07ySDL99AAM65vqRE9XTkdSRAEAwCsAABMAFwAA\/wEAAQAACwACAQAAIwAAFgMDGMULABjBABi+AA21MIINsTCCDJmgAwIBAgIRAL6SfJeXpnf+CgAAAAEZUYgwDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjExMTAxMDIxOTUyWhcNMjIwMTI0MDIxOTUxWjAXMRUwEwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARLbBeX0LU3pUWH+9THnnoTQpPglvYMsDQRme2L8rmDF7QEHRFBON4Z6Ol4rL30ubSFYN6X86eKdFg2N4IKsQ0Vo4ILkjCCC44wDgYDVR0PAQH\/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\/wQCMAAwHQYDVR0OBBYEFB918eNtsRAgQAykLBR6lPrqjLfUMB8GA1UdIwQYMBaAFIp0f6+Fze6VzT2c0OJGFPNxNR0nMGoGCCsGAQUFBwEBBF4wXDAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AucGtpLmdvb2cvZ3RzMWMzMDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHMxYzMuZGVyMIIJQgYDVR0RBIIJOTCCCTWCDCouZ29vZ2xlLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYIJKi5iZG4uZGV2ghIqLmNsb3VkLmdvb2dsZS5jb22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIYKi5kYXRhY29tcHV0ZS5nb29nbGUuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22CDyouZ29vZ2xlYXBpcy5jboIRKi5nb29nbGV2aWRlby5jb22CDCouZ3N0YXRpYy5jboIQKi5nc3RhdGljLWNuLmNvbYIPZ29vZ2xlY25hcHBzLmNughEqLmdvb2dsZWNuYXBwcy5jboIRZ29vZ2xlYXBwcy1jbi5jb22CEyouZ29vZ2xlYXBwcy1jbi5jb22CDGdrZWNuYXBwcy5jboIOKi5na2VjbmFwcHMuY26CEmdvb2dsZWRvd25sb2Fkcy5jboIUKi5nb29nbGVkb3dubG9hZHMuY26CEHJlY2FwdGNoYS5uZXQuY26CEioucmVjYXB0Y2hhLm5ldC5jboILd2lkZXZpbmUuY26CDSoud2lkZXZpbmUuY26CEWFtcHByb2plY3Qub3JnLmNughMqLmFtcHByb2o="}
-01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053848727889,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":""}}
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053848727889,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"","ja3s":"84aaf6d03fc8c5bfb56d1d188735b268","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}}
 02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":3285032704,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqGAAA0BmmgjvobvAqMSBgUbDFuUzeGGiLoaYSAEAEFgfMAAAEBCArVMDfpAC8u7GVjdC5vcmcuY26CEWFtcHByb2plY3QubmV0LmNughMqLmFtcHByb2plY3QubmV0LmNughdnb29nbGUtYW5hbHl0aWNzLWNuLmNvbYIZKi5nb29nbGUtYW5hbHl0aWNzLWNuLmNvbYIXZ29vZ2xlYWRzZXJ2aWNlcy1jbi5jb22CGSouZ29vZ2xlYWRzZXJ2aWNlcy1jbi5jb22CEWdvb2dsZXZhZHMtY24uY29tghMqLmdvb2dsZXZhZHMtY24uY29tghFnb29nbGVhcGlzLWNuLmNvbYITKi5nb29nbGVhcGlzLWNuLmNvbYIVZ29vZ2xlb3B0aW1pemUtY24uY29tghcqLmdvb2dsZW9wdGltaXplLWNuLmNvbYISZG91YmxlY2xpY2stY24ubmV0ghQqLmRvdWJsZWNsaWNrLWNuLm5ldIIYKi5mbHMuZG91YmxlY2xpY2stY24ubmV0ghYqLmcuZG91YmxlY2xpY2stY24ubmV0gg5kb3VibGVjbGljay5jboIQKi5kb3VibGVjbGljay5jboIUKi5mbHMuZG91YmxlY2xpY2suY26CEiouZy5kb3VibGVjbGljay5jboIRZGFydHNlYXJjaC1jbi5uZXSCEyouZGFydHNlYXJjaC1jbi5uZXSCHWdvb2dsZXRyYXZlbGFkc2VydmljZXMtY24uY29tgh8qLmdvb2dsZXRyYXZlbGFkc2VydmljZXMtY24uY29tghhnb29nbGV0YWdzZXJ2aWNlcy1jbi5jb22CGiouZ29vZ2xldGFnc2VydmljZXMtY24uY29tghdnb29nbGV0YWdtYW5hZ2VyLWNuLmNvbYIZKi5nb29nbGV0YWdtYW5hZ2VyLWNuLmNvbYIYZ29vZ2xlc3luZGljYXRpb24tY24uY29tghoqLmdvb2dsZXN5bmRpY2F0aW9uLWNuLmNvbYIkKi5zYWZlZnJhbWUuZ29vZ2xlc3luZGljYXRpb24tY24uY29tghZhcHAtbWVhc3VyZW1lbnQtY24uY29tghgqLmFwcC1tZWFzdXJlbWVudC1jbi5jb22CC2d2dDEtY24uY29tgg0qLmd2dDEtY24uY29tggtndnQyLWNuLmNvbYINKi5ndnQyLWNuLmNvbYILMm1kbi1jbi5uZXSCDSouMm1kbi1jbi5uZXSCFGdvb2dsZWZsaWdodHMtY24ubmV0ghYqLmdvb2dsZWZsaWdodHMtY24ubmV0ggxhZG1vYi1jbi5jb22CDiouYWRtb2ItY24uY29tgg0qLmdzdGF0aWMuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIKKi5ndnQxLmNvbYIRKi5nY3BjZG4uZ3Z0MS5jb22CCiouZ3Z0Mi5jb22CDiouZ2NwLmd2dDIuY29tghAqLnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggsqLnl0aW1nLmNvbYILYW5kcm9pZC5jb22CDSouYW5kcm9pZC5jb22CEyouZmxhc2guYW5kcm9pZC5jb22CBGcuY26CBiouZy5jboIEZy5jb4IGKi5nLmNvggZnb28uZ2yCCnd3dy5nb28uZ2yCFGdvb2dsZS1hbmFseXRpY3MuY29tghYqLmdvb2dsZS1hbmFseXRpY3MuY29tggpnb29nbGUuY29tghJnb29nbGVjb21tZXJjZS5jb22CFCouZ29vZ2xlY29tbWVyY2UuY29tgghnZ3BodC5jboIKKi5nZ3BodC5jboIKdXJjaGluLmNvbYIMKi4="}
 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":3285032704,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqHAAA0BmmfjvobvAqMSBgUbDFuUzeLXiLoaYSAEAEFo1kAAAEBCArVMDfpAC8u7HVyY2hpbi5jb22CCHlvdXR1LmJlggt5b3V0dWJlLmNvbYINKi55b3V0dWJlLmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVraWRzLmNvbYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcqLnl0LmJlghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xlLmNughxkZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNughhzb3VyY2UuYW5kcm9pZC5nb29nbGUuY24wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvZlZKeGJWLUt0bWsuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF82YK70QAABAMARjBEAiARmGVm7JB3\/oaiBObGX7ROVBBSBRLYITFiTlEAkfPyHgIgcCqtTtRkXEWtBLRMdlLCyCYM1mcHiE111yE3Oz\/NZIAAdwBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq\/L8cP5tRwAAAXzZgruvAAAEAwBIMEYCIQCdEWa\/V20J9qsoD+RWkg98YsZ+GN7Iw02KvnAz9ok\/BQIhAIUpxYOKIJBQapnn340xxt3\/h79Jm5lUc5BI1s6PP4IAMA0GCSqGSIb3DQEBCwUAA4IBAQABqQYCPziQTB9R2Rgn5Q8W9muFuMiL4KxImQgWyMFIzShVMs4tIvcdbxGCTlA9XAgmyeDKzU2kf\/bc7nhWpWCLIA45f8+E9bVyHr\/X4mri7FiDHK2XCXO0FRC3eZdepiGSobgPjXlY3Fe7j7+iCnir3opglZmCSKGSUlJMiRAr0AeCNtNEpLzqKc1rUyIpSe7ExrIITKl54o\/8ETyKOlT61jBq4Mbjhmtn0bsrRvaJfV9SOBCa+HlHt+j\/OMqIRm0JNViqmtqAn3eHET3kepM8j2LM3MNs6rMYC9GX6t\/kdQ9LuBdtLk5Beg1yxxPZQicDwEvmo\/KKC8OFwyRb+wekAAWaMIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAwMDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPWI3+dijB43+DdCkH9sh9D7ZYIl\/ejLa6T\/belaI+KZ9hzpkgOZE3wJCor6QtZeViSqejOEH9Hpabu5dOxXTGZok3c3VVP+ORBNtzS7XyV3NzsXlOo85Z3VvMO0Q+sup0fvsEQRY9i0QYXdQTBIkxu\/t\/bgRQIh4JZCF8\/ZK2VWNAcmBA2o\/X3KLu\/qSHw3TT8An4Pf73WELnlXXPxXbhqW\/\/yMmqaZviXZf5YsBvcRKgKAgOtjGDxQSYflispfGStZloE="}
 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":3285032704,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqIAAA0BmmejvobvAqMSBgUbDFuUzeQoiLoaYSAEAEFW90AAAEBCArVMDfpAC8u7ACg+1HbyncLC8mWT+9wScdcbSD9mbS04soud\/0t3Au2axMMjBkrF5aYufCL9qAnu7bjjVGPva7Hm7GJnQIDAQABo4IBgDCCAXwwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSKdH+vhc3ulc09nNDiRhTzcTUdJzAfBgNVHSMEGDAWgBTkrysmcRorSCeFL1JmLO\/wiRNxPjBoBggrBgEFBQcBAQRcMFowJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnBraS5nb29nL2d0c3IxMDAGCCsGAQUFBzAChiRodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHNyMS5kZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5wa2kuZ29vZy9ndHNyMS9ndHNyMS5jcmwwVwYDVR0gBFAwTjA4BgorBgEEAdZ5AgUDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAgEAiX2sIFwMPL6aqFeVG7Su+qulcnG0NpX930ARA0zCRhS7FCSr8FBxItutxG5\/z\/Fqb8iDG9jOiV+HbIe4qQyjm6FilJOV31uuZhkLApae\/LXnEGk+estGSV9G4UGx15hNZTQAgBo\/T59sf0kAgVNBpJIhgoIa8aNEWypQEhNNwVM280IIr1T6jndTG2Q4JxcJvVjJG3w5LVvzztTtl9sUA78JUyQfwgwEeZgm8mHxU1L9QowbZis\/FaG7\/\/ab44GaAQZxiTUoJN3hvesZLeFIyz1Zg1G0dMadfMaxhluvzDTE08zUgRGVAKH0EiIB+rSDca+Mt4xzJKw3U8IAkD8R\/lztNpQQO70pruLHOmI7bGPZgL9ZcaxjJ7lMF6Da9nMVvyrej\/OlbDKBMwPQhlFxmTS6k41dtVFY97KT6AH2Wb5xm\/1NKM7PbccW3PfR1kabp8pr6XcP\/aC2GyODHRAa2QkAhOBE06J1I7M0hvYgsKReEB3gUkYAnbEPHyFwUfWa3Qb8VfQrDjN3w0tCwvF3E\/xzgJTrH7s3P84CKmawcx0ypTJsMrCO4MQj\/1t9TWVwrCubPc7b4G2OMoC+lp+SY7yXu1259OFxXirk7wMisYplOo\/Ak2XUhc0PD1uDWRZHFi2cJDrIgKYmFIWb9jebrG\/5xcMGUfPif8WxELpR9N0ABWYwggViMIIESqADAgECAhB3vQ1s2zb5GuohD8TwWNMNMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMjAwNjE5MDAwMDQyWhcNMjgwMTI4MDAwMDQyWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf\/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7raKY="}
-01080{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727919,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053848727919,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":""}}
+03676{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727919,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053848727919,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.google.com,*.appengine.google.com,*.bdn.dev,*.cloud.google.com,*.crowdsource.google.com,*.datacompute.google.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlevideo.com,*.gstatic.cn,*.gstatic-cn.com,googlecnapps.cn,*.googlecnapps.cn,googleapps-cn.com,*.googleapps-cn.com,gkecnapps.cn,*.gkecnapps.cn,googledownloads.cn,*.googledownloads.cn,recaptcha.net.cn,*.recaptcha.net.cn,widevine.cn,*.widevine.cn,ampproject.org.cn,*.ampproject.org.cn,ampproject.net.cn,*.ampproject.net.cn,google-analytics-cn.com,*.google-analytics-cn.com,googleadservices-cn.com,*.googleadservices-cn.com,googlevads-cn.com,*.googlevads-cn.com,googleapis-cn.com,*.googleapis-cn.com,googleoptimize-cn.com,*.googleoptimize-cn.com,doubleclick-cn.net,*.doubleclick-cn.net,*.fls.doubleclick-cn.net,*.g.doubleclick-cn.net,doubleclick.cn,*.doubleclick.cn,*.fls.doubleclick.cn,*.g.doubleclick.cn,dartsearch-cn.net,*.dartsearch-cn.net,googletraveladservices-cn.com,*.googletraveladservices-cn.com,googletagservices-cn.com,*.googletagservices-cn.com,googletagmanager-cn.com,*.googletagmanager-cn.com,googlesyndication-cn.com,*.googlesyndication-cn.com,*.safeframe.googlesyndication-cn.com,app-measurement-cn.com,*.app-measurement-cn.com,gvt1-cn.com,*.gvt1-cn.com,gvt2-cn.com,*.gvt2-cn.com,2mdn-cn.net,*.2mdn-cn.net,googleflights-cn.net,*.googleflights-cn.net,admob-cn.com,*.admob-cn.com,*.gstatic.com,*.metric.gstatic.com,*.gvt1.com,*.gcpcdn.gvt1.com,*.gvt2.com,*.gcp.gvt2.com,*.url.google.com,*.youtube-nocookie.com,*.ytimg.com,android.com,*.android.com,*.flash.android.com,g.cn,*.g.cn,g.co,*.g.co,goo.gl,www.goo.gl,google-analytics.com,*.google-analytics.com,google.com,googlecommerce.com,*.googlecommerce.com,ggpht.cn,*.ggpht.cn,urchin.com,*.urchin.com,youtu.be,youtube.com,*.youtube.com,youtubeeducation.com,*.youtubeeducation.com,youtubekids.com,*.youtubekids.com,yt.be,*.yt.be,android.clients.google.com,developer.android.google.cn,developers.android.google.cn,source.android.google.cn","notafter":"2022-01-24 02:19:51","ja3":"","ja3s":"84aaf6d03fc8c5bfb56d1d188735b268","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1C3","subjectDN":"CN=*.google.com","fingerprint":"02:64:CA:2E:8A:2F:BB:C4:97:9D:A7:AC:2B:47:FF:DE:28:0E:71:B1"}}}
 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"tls_unidirectional.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663090549161771}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="}
@@ -27,10 +27,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6588373 bytes
-~~ total memory freed........: 6588373 bytes
-~~ total allocations/frees...: 122621/122621
+~~ total memory allocated....: 6593286 bytes
+~~ total memory freed........: 6593286 bytes
+~~ total allocations/frees...: 122631/122631
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 503 chars
-~~ json string max len.......: 2350 chars
-~~ json string avg len.......: 1425 chars
+~~ json string max len.......: 3681 chars
+~~ json string avg len.......: 2091 chars
diff --git a/test/results/tls_verylong_certificate.pcap.out b/test/results/tls_verylong_certificate.pcap.out
index 5d65c0f55..2c34bbbae 100644
--- a/test/results/tls_verylong_certificate.pcap.out
+++ b/test/results/tls_verylong_certificate.pcap.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6587474 bytes
-~~ total memory freed........: 6587474 bytes
-~~ total allocations/frees...: 122623/122623
+~~ total memory allocated....: 6592379 bytes
+~~ total memory freed........: 6592379 bytes
+~~ total allocations/frees...: 122633/122633
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 509 chars
 ~~ json string max len.......: 3896 chars
diff --git a/test/results/toca-boca.pcap.out b/test/results/toca-boca.pcap.out
index 5377978d7..b3a0148d4 100644
--- a/test/results/toca-boca.pcap.out
+++ b/test/results/toca-boca.pcap.out
@@ -124,9 +124,9 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6449979 bytes
-~~ total memory freed........: 6449979 bytes
-~~ total allocations/frees...: 122733/122733
+~~ total memory allocated....: 6455044 bytes
+~~ total memory freed........: 6455044 bytes
+~~ total allocations/frees...: 122743/122743
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2138 chars
diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out
index b003c5e32..d2d5d31a2 100644
--- a/test/results/tor.pcap.out
+++ b/test/results/tor.pcap.out
@@ -105,77 +105,76 @@
 01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131034778,"flow_dst_last_pkt_time":1383822131033681,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822131034778,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.jmts2id.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1894,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1383822131034778,"flow_dst_last_pkt_time":1383822131183159,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1383822131183159,"pkt":"UlQAWul3UlQA2EYhCABFAAAogW9AADQGlaIm5UY1wKgB\/AG7x+hg0\/cF9LcIslAQABBhHwAA"}
 01391{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131034778,"flow_dst_last_pkt_time":1383822131220406,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":929,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":929,"midstream":0,"thread_ts_usec":1383822131220406,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.jmts2id.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}}
-02544{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1918,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822132138706,"flow_dst_last_pkt_time":1383822132203451,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4523,"flow_dst_tot_l4_payload_len":5299,"midstream":0,"thread_ts_usec":1383822132203451,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":146,"avg":146706.0,"max":990883,"stddev":220400.9,"var":48576569344.0,"ent":3.9,"data": [64392,65808,9514,82112,4238,79785,91000,88446,79568,146,78186,925,110026,109380,69120,1548,80197,113582,35660,145791,70785,343658,637547,693937,990883,1625,71983,109022,69049,180072,69902]},"pktlen": {"min":40,"avg":348.2,"max":1500,"stddev":347.1,"var":120448.8,"ent":4.3,"data": [52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]},"bins": {"c_to_s": [4,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1],"entropies": [4.477674961,4.945419312,4.398030758,5.406278133,4.834183693,7.371150017,6.711827278,5.947438717,6.057762146,7.837278366,6.586953163,4.398030758,7.662993908,4.834183693,7.681317329,4.734183788,7.663327694,7.608054161,4.734183788,7.639224529,7.648303986,4.734183788,7.669913292,4.441509247,7.652542591,4.834183693,7.641192913,7.661419868,4.784183979,7.663778782,7.666988373,4.734183788]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
-00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822132212345,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822132212345}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132203451,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-02316{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1933,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822133768898,"flow_dst_last_pkt_time":1383822133768590,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3998,"flow_dst_tot_l4_payload_len":5464,"midstream":0,"thread_ts_usec":1383822133768898,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":215,"avg":185742.4,"max":755290,"stddev":163607.9,"var":26767544320.0,"ent":4.5,"data": [143944,144327,714,149478,37247,195972,163599,153986,192261,56166,215,255054,2118,152835,143919,143900,44572,192109,147551,608487,755290,145485,149387,149841,132696,281585,155046,87778,477208,367752,127492]},"pktlen": {"min":40,"avg":337.4,"max":1500,"stddev":355.4,"var":126324.2,"ent":4.2,"data": [52,52,46,250,40,969,238,99,114,40,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,40,626,626,40,626,46,626,52]},"bins": {"c_to_s": [5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,0],"entropies": [4.593060017,4.815517426,4.414441109,5.291395664,4.834184170,7.550148964,6.920053005,5.919612408,6.132238388,4.884183884,7.868963718,6.428377628,4.330940247,7.664852619,4.730641365,7.653878212,4.780641079,7.642474174,7.667881489,4.784183979,7.644913673,7.622496128,4.884183884,7.554065228,4.784183979,7.660291672,7.637899399,4.884183884,7.647337437,4.544876099,7.647919655,4.743239880]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01074{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":79,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821774457983,"flow_dst_last_pkt_time":1383821774457610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":19175,"flow_dst_tot_l4_payload_len":41545,"midstream":0,"thread_ts_usec":1383822133787472,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822133787472,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
-00897{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821734359648,"flow_src_last_pkt_time":1383821734359648,"flow_dst_last_pkt_time":1383821734359648,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1383822133787472,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00751{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821734359648,"flow_src_last_pkt_time":1383821734359648,"flow_dst_last_pkt_time":1383821734359648,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1383822133787472,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01312{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":18,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821774461034,"flow_dst_last_pkt_time":1383821774460689,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3946,"flow_dst_tot_l4_payload_len":5300,"midstream":0,"thread_ts_usec":1383822133787472,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
-01321{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":580,"flow_dst_packets_processed":996,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821774532755,"flow_dst_last_pkt_time":1383821774532380,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":112114,"flow_dst_tot_l4_payload_len":1189036,"midstream":0,"thread_ts_usec":1383822133787472,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
-00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822123915516,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822133787472,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822134212476,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822134212476}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822133931333,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822136212325,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822136212325}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822138212314,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822138212314}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822140212281,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822140212281}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822142212321,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822142212321}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822144212343,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822144212343}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822146212271,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822146212271}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822148212398,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822148212398}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822150212222,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822150212222}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822152212240,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822152212240}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822134768201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822154212265,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822154212265}
-00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822153962104,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
-00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822184001176,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822184001176,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190886155,"flow_dst_last_pkt_time":1383822190886155,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822190886155,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1383822190886155,"flow_dst_last_pkt_time":1383822190886155,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383822190886155,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"}
-00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1383822190886155,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383822190950538,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"}
-00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1383822190951036,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383822190951036,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"}
-00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1383822190951387,"pkt":"UlQA2EYhUlQAWul3CABFAAECCO1AAIAGZazAqAH8PtKJ5sfxAbspsDzfr4YtaFAYAQCdOAAAFgMBANUBAADRAwFSe4F0W8quv62S3\/7ygOUuf1KhU9yi6dM6uUHTsgpIIwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGAAAAAcABoAABd3d3cuNmd5aXA3dHFpbTdzaWViLmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
-01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822190951387,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.6gyip7tqim7sieb.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
-00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822191021804,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1383822191021804,"pkt":"UlQAWul3UlQA2EYhCABFAAAo\/HtAADEGwfc+0onmwKgB\/AG7x\/Gvhi1oKbA9uVAQAHsV+AAA"}
-01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822191037108,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":740,"midstream":0,"thread_ts_usec":1383822191037108,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.6gyip7tqim7sieb.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}}}
-00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822217531372,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822217531372,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
-00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822217531372,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1383822218758583,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822218758583,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
-00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2863,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1383822220774203,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822220774203,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
-00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2952,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1383822224935668,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822224935668,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhCWMBZjPcAAgAAgMgAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
-00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2989,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822214039100,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822230193510,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3010,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1383822232938483,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822232938483,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhBkMBZjPcAAgAAgZAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
-00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3822,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3822,"packets-processed":3664,"total-skipped-flows":0,"total-l4-payload-len":2806614,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":6,"total-active-flows":11,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":158,"global_ts_usec":1383822260228953}
-02315{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3845,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822265160118,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":319,"avg":8727092.0,"max":72890007,"stddev":22568808.0,"var":509351076823040.0,"ent":2.1,"data": [59390,61607,13819,72120,2062,62909,63545,60042,79423,319,78805,1749,98338,96626,56518,4501,61844,64873,64036,73717,275721,252847,50798,9733,261423,61538274,61491411,72591366,72890007,3990,98034]},"pktlen": {"min":40,"avg":312.0,"max":1500,"stddev":345.9,"var":119666.8,"ent":4.2,"data": [52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46]},"bins": {"c_to_s": [9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0],"entropies": [4.501619816,4.930902481,4.441508770,5.332808495,4.834183693,7.397306919,6.658778667,6.048449516,6.157279968,7.876633167,6.546604156,4.441508770,7.673907757,4.834183693,7.638509750,4.884183884,7.663495541,7.670399189,7.645442486,7.664111614,7.640780926,4.484987259,7.650365353,4.880648136,7.645416737,4.544876099,7.673004150,4.457919598,4.457919598,4.734183788,4.734183788,4.501397610]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00955{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822248944702,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822265221448,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01314{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":21,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822265221448,"flow_dst_last_pkt_time":1383822265220844,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4523,"flow_dst_tot_l4_payload_len":5885,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
-00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822274144364,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822248944702,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01073{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822265123975,"flow_dst_last_pkt_time":1383822265123334,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2770,"flow_dst_tot_l4_payload_len":5259,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01072{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01079{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":693,"flow_dst_packets_processed":1133,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822265215958,"flow_dst_last_pkt_time":1383822265215370,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":140888,"flow_dst_tot_l4_payload_len":1270708,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3859,"packets-processed":3694,"total-skipped-flows":0,"total-l4-payload-len":2811958,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":167,"global_ts_usec":1383822276211998}
+02544{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1915,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822132138706,"flow_dst_last_pkt_time":1383822132203451,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4523,"flow_dst_tot_l4_payload_len":5299,"midstream":0,"thread_ts_usec":1383822132203451,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":146,"avg":146706.0,"max":990883,"stddev":220400.9,"var":48576569344.0,"ent":3.9,"data": [64392,65808,9514,82112,4238,79785,91000,88446,79568,146,78186,925,110026,109380,69120,1548,80197,113582,35660,145791,70785,343658,637547,693937,990883,1625,71983,109022,69049,180072,69902]},"pktlen": {"min":40,"avg":348.2,"max":1500,"stddev":347.1,"var":120448.8,"ent":4.3,"data": [52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]},"bins": {"c_to_s": [4,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1],"entropies": [4.477674961,4.945419312,4.398030758,5.406278133,4.834183693,7.371150017,6.711827278,5.947438717,6.057762146,7.837278366,6.586953163,4.398030758,7.662993908,4.834183693,7.681317329,4.734183788,7.663327694,7.608054161,4.734183788,7.639224529,7.648303986,4.734183788,7.669913292,4.441509247,7.652542591,4.834183693,7.641192913,7.661419868,4.784183979,7.663778782,7.666988373,4.734183788]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
+00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822132212345,"packet_id":1916,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822132212345}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1916,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132203451,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+01074{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":79,"flow_first_seen":1383821665420161,"flow_src_last_pkt_time":1383821774457983,"flow_dst_last_pkt_time":1383821774457610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":19175,"flow_dst_tot_l4_payload_len":41545,"midstream":0,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821693159821,"flow_src_last_pkt_time":1383821693159821,"flow_dst_last_pkt_time":1383821693159821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
+00897{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821734359648,"flow_src_last_pkt_time":1383821734359648,"flow_dst_last_pkt_time":1383821734359648,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00751{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383821734359648,"flow_src_last_pkt_time":1383821734359648,"flow_dst_last_pkt_time":1383821734359648,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01312{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":18,"flow_first_seen":1383821666407384,"flow_src_last_pkt_time":1383821774461034,"flow_dst_last_pkt_time":1383821774460689,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3946,"flow_dst_tot_l4_payload_len":5300,"midstream":0,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
+01321{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":580,"flow_dst_packets_processed":996,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821774532755,"flow_dst_last_pkt_time":1383821774532380,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":112114,"flow_dst_tot_l4_payload_len":1189036,"midstream":0,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
+00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822123915516,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822132675112,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822134212476,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822134212476}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132675112,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822136212325,"packet_id":1922,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822136212325}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1922,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132675112,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822138212314,"packet_id":1923,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822138212314}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1923,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132675112,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+00283{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822140212281,"packet_id":1924,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822140212281}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1924,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132675112,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822142212321,"packet_id":1925,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822142212321}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1925,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132675112,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822144212343,"packet_id":1926,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822144212343}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1926,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132675112,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822146212271,"packet_id":1927,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822146212271}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1927,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132675112,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822148212398,"packet_id":1928,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822148212398}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1928,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132675112,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822150212222,"packet_id":1929,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822150212222}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1929,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132675112,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822152212240,"packet_id":1930,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822152212240}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1930,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822132675112,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+00284{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383822154212265,"packet_id":1932,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383822154212265}
+00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1932,"source":"tor.pcap","alias":"nDPId-test","pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383822153962104,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
+00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822184001176,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822184001176,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190886155,"flow_dst_last_pkt_time":1383822190886155,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822190886155,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1383822190886155,"flow_dst_last_pkt_time":1383822190886155,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383822190886155,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"}
+00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1383822190886155,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1383822190950538,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"}
+00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1383822190951036,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1383822190951036,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"}
+00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":3285032704,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1383822190951387,"pkt":"UlQA2EYhUlQAWul3CABFAAECCO1AAIAGZazAqAH8PtKJ5sfxAbspsDzfr4YtaFAYAQCdOAAAFgMBANUBAADRAwFSe4F0W8quv62S3\/7ygOUuf1KhU9yi6dM6uUHTsgpIIwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGAAAAAcABoAABd3d3cuNmd5aXA3dHFpbTdzaWViLmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
+01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822190950538,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822190951387,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.6gyip7tqim7sieb.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822191021804,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1383822191021804,"pkt":"UlQAWul3UlQA2EYhCABFAAAo\/HtAADEGwfc+0onmwKgB\/AG7x\/Gvhi1oKbA9uVAQAHsV+AAA"}
+01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822190951387,"flow_dst_last_pkt_time":1383822191037108,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":740,"midstream":0,"thread_ts_usec":1383822191037108,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.6gyip7tqim7sieb.com","tls": {"version":"TLSv1","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}}}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1998,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822217531372,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1998,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822217531372,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
+00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1998,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822217531372,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822217531372,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1383822218758583,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822218758583,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
+00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1383822220774203,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822220774203,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
+00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2005,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1383822224935668,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822224935668,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhCWMBZjPcAAgAAgMgAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
+00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2010,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1383822232938483,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822232938483,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhBkMBZjPcAAgAAgZAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
+00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2012,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822214039100,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822232938483,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2031,"source":"tor.pcap","alias":"nDPId-test","packets-captured":2031,"packets-processed":1873,"total-skipped-flows":0,"total-l4-payload-len":1404406,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":6,"total-active-flows":11,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":157,"global_ts_usec":1383822262211943}
+02315{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2040,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822265160118,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":319,"avg":8727092.0,"max":72890007,"stddev":22568808.0,"var":509351076823040.0,"ent":2.1,"data": [59390,61607,13819,72120,2062,62909,63545,60042,79423,319,78805,1749,98338,96626,56518,4501,61844,64873,64036,73717,275721,252847,50798,9733,261423,61538274,61491411,72591366,72890007,3990,98034]},"pktlen": {"min":40,"avg":312.0,"max":1500,"stddev":345.9,"var":119666.8,"ent":4.2,"data": [52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46]},"bins": {"c_to_s": [9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0],"entropies": [4.501619816,4.930902481,4.441508770,5.332808495,4.834183693,7.397306919,6.658778667,6.048449516,6.157279968,7.876633167,6.546604156,4.441508770,7.673907757,4.834183693,7.638509750,4.884183884,7.663495541,7.670399189,7.645442486,7.664111614,7.640780926,4.484987259,7.650365353,4.880648136,7.645416737,4.544876099,7.673004150,4.457919598,4.457919598,4.734183788,4.734183788,4.501397610]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00955{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2046,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822248944702,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822265221448,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01314{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2050,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":21,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822265221448,"flow_dst_last_pkt_time":1383822265220844,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4523,"flow_dst_tot_l4_payload_len":5885,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
+00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2050,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822274144364,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2050,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822248944702,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01073{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2050,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1383822190886155,"flow_src_last_pkt_time":1383822265123975,"flow_dst_last_pkt_time":1383822265123334,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2770,"flow_dst_tot_l4_payload_len":5259,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01072{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2050,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2050,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131785827,"flow_dst_last_pkt_time":1383822131929382,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1654,"flow_dst_tot_l4_payload_len":2534,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2050,"source":"tor.pcap","alias":"nDPId-test","packets-captured":2050,"packets-processed":1885,"total-skipped-flows":0,"total-l4-payload-len":1404550,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1383822276211998}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 3859/3694
+~~ packets captured/processed: 2050/1885
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 2811958 bytes
+~~ total layer4 data length..: 1404550 bytes
 ~~ total detected protocols..: 10
 ~~ total active/idle flows...: 11/11
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6566074 bytes
-~~ total memory freed........: 6566074 bytes
-~~ total allocations/frees...: 126278/126278
+~~ total memory allocated....: 6518598 bytes
+~~ total memory freed........: 6518598 bytes
+~~ total allocations/frees...: 124479/124479
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 285 chars
 ~~ json string max len.......: 2572 chars
diff --git a/test/results/tplink_shp.pcap.out b/test/results/tplink_shp.pcap.out
new file mode 100644
index 000000000..52e079589
--- /dev/null
+++ b/test/results/tplink_shp.pcap.out
@@ -0,0 +1,329 @@
+00490{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tplink_shp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tplink_shp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671480246580620}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480246580620,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480246580620,"pkt":"\/\/\/\/\/\/\/\/IN+5tLqxCABFAAA5AABAAEARh+LAqPIp\/\/\/\/\/ycPJw8AJQ1F0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480246580620,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480252766159,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480252766159,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1671480252766159,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480252766159,"pkt":"\/\/\/\/\/\/\/\/5PBCXd06CABFAAA5AABAAEARh+PAqPIo\/\/\/\/\/ycPJw8AJQ1G0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480252766159,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480252766159,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480255663786,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480255663786,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1671480255663786,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480255663786,"pkt":"\/\/\/\/\/\/\/\/2Ix5Hs98CABFAAA5w4FAAEARxCbAqPJj\/\/\/\/\/ycPJw8AJQ0L0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480255663786,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480255663786,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480258080467,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480258080467,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1671480258080467,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480258080467,"pkt":"\/\/\/\/\/\/\/\/pHczz+vBCABFAAA5AABAAEARh+XAqPIm\/\/\/\/\/ycPJw8AJQ1I0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480258080467,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480258080467,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480280769735,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480280769735,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1671480280769735,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480280769735,"pkt":"\/\/\/\/\/\/\/\/IN+5TpCXCABFAAA5mdNAAEAR7dXAqPJi\/\/\/\/\/ycPJw8AJQ0M0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480280769735,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480280769735,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480289264790,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480289264790,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1671480289264790,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480289264790,"pkt":"\/\/\/\/\/\/\/\/FMFOitzKCABFAAA5hrVAAEARANzAqPJ6\/\/\/\/\/ycPJw8AJQz00PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480289264790,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480289264790,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480290288997,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480290288997,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1671480290288997,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480290288997,"pkt":"\/\/\/\/\/\/\/\/fC69L3q0CABFAAA5AABAAEARh+vAqPIg\/\/\/\/\/ycPJw8AJQ1O0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480290288997,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480290288997,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480293814339,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480293814339,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1671480293814339,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480293814339,"pkt":"\/\/\/\/\/\/\/\/OItZIxZUCABFAAA5AABAAEARh+rAqPIh\/\/\/\/\/ycPJw8AJQ1N0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480293814339,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480293814339,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00960{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":9,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480293814339,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1671480306562122,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480306562122,"pkt":"\/\/\/\/\/\/\/\/IN+5tLqxCABFAAA5AABAAEARh+LAqPIp\/\/\/\/\/ycPJw8AJQ1F0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1671480312773048,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480312773048,"pkt":"\/\/\/\/\/\/\/\/5PBCXd06CABFAAA5AABAAEARh+PAqPIo\/\/\/\/\/ycPJw8AJQ1G0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1671480315656940,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480315656940,"pkt":"\/\/\/\/\/\/\/\/2Ix5Hs98CABFAAA5hbVAAEARAfPAqPJj\/\/\/\/\/ycPJw8AJQ0L0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":12,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480312773048,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480315656940,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":12,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480258080467,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480315656940,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":12,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480315656940,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480315656940,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1671480318083945,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480318083945,"pkt":"\/\/\/\/\/\/\/\/pHczz+vBCABFAAA5AABAAEARh+XAqPIm\/\/\/\/\/ycPJw8AJQ1I0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1671480340772546,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480340772546,"pkt":"\/\/\/\/\/\/\/\/IN+5TpCXCABFAAA5zU9AAEARulnAqPJi\/\/\/\/\/ycPJw8AJQ0M0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1671480349264585,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480349264585,"pkt":"\/\/\/\/\/\/\/\/FMFOitzKCABFAAA5jJVAAEAR+vvAqPJ6\/\/\/\/\/ycPJw8AJQz00PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1671480350283902,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480350283902,"pkt":"\/\/\/\/\/\/\/\/fC69L3q0CABFAAA5AABAAEARh+vAqPIg\/\/\/\/\/ycPJw8AJQ1O0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480306562122,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480350283902,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480350283902,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480350283902,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480293814339,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480350283902,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480340772546,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480350283902,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480349264585,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480350283902,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1671480353867580,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480353867580,"pkt":"\/\/\/\/\/\/\/\/OItZIxZUCABFAAA5AABAAEARh+rAqPIh\/\/\/\/\/ycPJw8AJQ1N0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1671480366589024,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480366589024,"pkt":"\/\/\/\/\/\/\/\/IN+5tLqxCABFAAA5AABAAEARh+LAqPIp\/\/\/\/\/ycPJw8AJQ1F0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1671480372765282,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480372765282,"pkt":"\/\/\/\/\/\/\/\/5PBCXd06CABFAAA5AABAAEARh+PAqPIo\/\/\/\/\/ycPJw8AJQ1G0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1671480375677380,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480375677380,"pkt":"\/\/\/\/\/\/\/\/2Ix5Hs98CABFAAA5s5NAAEAR1BTAqPJj\/\/\/\/\/ycPJw8AJQ0L0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480372765282,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":87,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480375677380,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480318083945,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480375677380,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480375677380,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":87,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480375677380,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1671480378101041,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480378101041,"pkt":"\/\/\/\/\/\/\/\/pHczz+vBCABFAAA5AABAAEARh+XAqPIm\/\/\/\/\/ycPJw8AJQ1I0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1671480400780520,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480400780520,"pkt":"\/\/\/\/\/\/\/\/IN+5TpCXCABFAAA576tAAEARl\/3AqPJi\/\/\/\/\/ycPJw8AJQ0M0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1671480409259767,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480409259767,"pkt":"\/\/\/\/\/\/\/\/FMFOitzKCABFAAA5kt5AAEAR9LLAqPJ6\/\/\/\/\/ycPJw8AJQz00PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1671480410289362,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480410289362,"pkt":"\/\/\/\/\/\/\/\/fC69L3q0CABFAAA5AABAAEARh+vAqPIg\/\/\/\/\/ycPJw8AJQ1O0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480366589024,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":87,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480410289362,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480410289362,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":87,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480410289362,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480353867580,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480410289362,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480400780520,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":87,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480410289362,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480409259767,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":87,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480410289362,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1671480413878003,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480413878003,"pkt":"\/\/\/\/\/\/\/\/OItZIxZUCABFAAA5AABAAEARh+rAqPIh\/\/\/\/\/ycPJw8AJQ1N0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1671480426622569,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480426622569,"pkt":"\/\/\/\/\/\/\/\/IN+5tLqxCABFAAA5AABAAEARh+LAqPIp\/\/\/\/\/ycPJw8AJQ1F0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1671480432753395,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480432753395,"pkt":"\/\/\/\/\/\/\/\/5PBCXd06CABFAAA5AABAAEARh+PAqPIo\/\/\/\/\/ycPJw8AJQ1G0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1671480435668359,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480435668359,"pkt":"\/\/\/\/\/\/\/\/2Ix5Hs98CABFAAA5VN9AAEARMsnAqPJj\/\/\/\/\/ycPJw8AJQ0L0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480432753395,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480435668359,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480378101041,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":87,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480435668359,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480435668359,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480435668359,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1671480438114184,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480438114184,"pkt":"\/\/\/\/\/\/\/\/pHczz+vBCABFAAA5AABAAEARh+XAqPIm\/\/\/\/\/ycPJw8AJQ1I0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1671480460813682,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480460813682,"pkt":"\/\/\/\/\/\/\/\/IN+5TpCXCABFAAA5C1tAAEARfE7AqPJi\/\/\/\/\/ycPJw8AJQ0M0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1671480469277287,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480469277287,"pkt":"\/\/\/\/\/\/\/\/FMFOitzKCABFAAA5l49AAEAR8AHAqPJ6\/\/\/\/\/ycPJw8AJQz00PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1671480470298932,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480470298932,"pkt":"\/\/\/\/\/\/\/\/fC69L3q0CABFAAA5AABAAEARh+vAqPIg\/\/\/\/\/ycPJw8AJQ1O0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":32,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480426622569,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480470298932,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":32,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480470298932,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480470298932,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":32,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480413878003,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":87,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480470298932,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":32,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480460813682,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480470298932,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":32,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480469277287,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480470298932,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1671480473831430,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480473831430,"pkt":"\/\/\/\/\/\/\/\/OItZIxZUCABFAAA5AABAAEARh+rAqPIh\/\/\/\/\/ycPJw8AJQ1N0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1671480486648552,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480486648552,"pkt":"\/\/\/\/\/\/\/\/IN+5tLqxCABFAAA5AABAAEARh+LAqPIp\/\/\/\/\/ycPJw8AJQ1F0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1671480492809273,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480492809273,"pkt":"\/\/\/\/\/\/\/\/5PBCXd06CABFAAA5AABAAEARh+PAqPIo\/\/\/\/\/ycPJw8AJQ1G0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1671480495662877,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480495662877,"pkt":"\/\/\/\/\/\/\/\/2Ix5Hs98CABFAAA59JNAAEARkxTAqPJj\/\/\/\/\/ycPJw8AJQ0L0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480492809273,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480495662877,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480438114184,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480495662877,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480495662877,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480495662877,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1671480498062429,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480498062429,"pkt":"\/\/\/\/\/\/\/\/pHczz+vBCABFAAA5AABAAEARh+XAqPIm\/\/\/\/\/ycPJw8AJQ1I0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1671480520757274,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480520757274,"pkt":"\/\/\/\/\/\/\/\/IN+5TpCXCABFAAA5NrhAAEARUPHAqPJi\/\/\/\/\/ycPJw8AJQ0M0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1671480529270039,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480529270039,"pkt":"\/\/\/\/\/\/\/\/FMFOitzKCABFAAA5rYZAAEAR2grAqPJ6\/\/\/\/\/ycPJw8AJQz00PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1671480530317926,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480530317926,"pkt":"\/\/\/\/\/\/\/\/fC69L3q0CABFAAA5AABAAEARh+vAqPIg\/\/\/\/\/ycPJw8AJQ1O0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480486648552,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480530317926,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480530317926,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480530317926,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480473831430,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480530317926,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480520757274,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480530317926,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480529270039,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480530317926,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1671480533779323,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480533779323,"pkt":"\/\/\/\/\/\/\/\/OItZIxZUCABFAAA5AABAAEARh+rAqPIh\/\/\/\/\/ycPJw8AJQ1N0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480554851666,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480555666583,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480498062429,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480555666583,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480555666583,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480555666583,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":48,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480546667991,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480590329923,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":48,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480590329923,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480590329923,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":48,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480533779323,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480590329923,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":48,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480580799033,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480590329923,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":48,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480589268240,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480590329923,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480613331882,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480615671641,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480558185858,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480615671641,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480615671641,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480615671641,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480606697051,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480650360053,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480650360053,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480650360053,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480593855942,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480650360053,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480640810034,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480650360053,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480649269778,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480650360053,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":60,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480672860839,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480675663020,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":60,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480618129824,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480675663020,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":60,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480675663020,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480675663020,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480666704969,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480710407887,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480710407887,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480710407887,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480653831532,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480710407887,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480700799045,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480710407887,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480709274593,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480710407887,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480732840018,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480735681890,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480678192159,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480735681890,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480735681890,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480735681890,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480726665565,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480770378796,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480770378796,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480770378796,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480713797846,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480770378796,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480760812695,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480770378796,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480769265454,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480770378796,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480792862462,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480795665181,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480738194045,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480795665181,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480795665181,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480795665181,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480786684107,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480770378796,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480773884477,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480820817294,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480829271720,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":81,"source":"tplink_shp.pcap","alias":"nDPId-test","packets-captured":81,"packets-processed":80,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":73,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1671480846725682}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480852858303,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480798218993,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480855668852,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":87,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480846725682,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480889278341,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":87,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480833158513,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480889278341,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":87,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480833911561,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480889278341,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":87,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480880781992,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480889278341,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":87,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480889278341,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480889278341,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":92,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480912898448,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480915663379,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":92,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480858214439,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480915663379,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":92,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480915663379,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480915663379,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480906733469,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480950388203,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671480950388203,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480950388203,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480893896110,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480950388203,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480940794292,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480950388203,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480889278341,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480950388203,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480972919283,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":377,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480975660464,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480918230271,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480975660464,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480975660464,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":377,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480975660464,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":104,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480966792209,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":377,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481010427987,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":104,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481010427987,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":377,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481010427987,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":104,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480953973627,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481010427987,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":104,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481000835818,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":377,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481010427987,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":104,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481009277208,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":377,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481010427987,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":108,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481032928127,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481035664139,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":108,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480978223748,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":377,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481035664139,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":108,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481035664139,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481035664139,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481026802106,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481070417361,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481070417361,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481070417361,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481013911856,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":377,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481070417361,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481060853616,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481070417361,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481009277208,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":377,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481070417361,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481092939138,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":435,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481095655646,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481038204539,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481095655646,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481095655646,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":435,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481095655646,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":120,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481086790256,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":435,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481130441023,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":120,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481130441023,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":435,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481130441023,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":120,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481073885091,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481130441023,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":120,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481120829395,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":435,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481130441023,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":120,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481129275265,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":435,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481130441023,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":124,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481152971422,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481155668980,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":124,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481098224804,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":435,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481155668980,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":124,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481155668980,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481155668980,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481146823072,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481190462969,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481190462969,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481190462969,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481133917057,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":435,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481190462969,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481180829505,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481190462969,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481189279556,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481190462969,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":132,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481212917347,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481215668360,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":132,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481158255475,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481215668360,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":132,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481215668360,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481215668360,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":136,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481206851026,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481250515271,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":136,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481250515271,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481250515271,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":136,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481194000080,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481250515271,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":136,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481240811889,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481250515271,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":136,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481249280166,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481250515271,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":140,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481272978054,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481275671496,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":140,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481218223962,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481275671496,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":140,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481275671496,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481275671496,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":144,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481266850055,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481310484233,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":144,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481310484233,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481310484233,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":144,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481253952626,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481310484233,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":144,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481300889229,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481310484233,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":144,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481309277797,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481310484233,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":148,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481332940404,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481335667299,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":148,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481278349037,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481335667299,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":148,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481335667299,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481335667299,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":152,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481326869840,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481370534424,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":152,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481370534424,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481370534424,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":152,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481313934690,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481370534424,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":152,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481360858753,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481370534424,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":152,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481369279642,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481370534424,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481392984326,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481395655468,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481338194297,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481395655468,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481395655468,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481395655468,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481386841702,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481430535190,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481373980200,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481420854606,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481429280552,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"tplink_shp.pcap","alias":"nDPId-test","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":4640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":153,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":213,"global_ts_usec":1671481446878800}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481452994794,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481398291656,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481455655666,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":168,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481446878800,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481490565180,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":168,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481490565180,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481490565180,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":168,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481434002467,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481490565180,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":168,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481480885402,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481490565180,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":168,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481489281385,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481490565180,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":172,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481513013093,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":638,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481515659871,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":172,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481458337210,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481515659871,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":172,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481515659871,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":638,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481515659871,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":176,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481506917157,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":638,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481550555450,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":176,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481550555450,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":638,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481550555450,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":176,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481494031676,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481550555450,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":176,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481540857786,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":638,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481550555450,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":176,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481549282384,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":638,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481550555450,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":180,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481575695219,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":667,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481575695219,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":180,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481518305970,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":638,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481575695219,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":180,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481575663006,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":667,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481575695219,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481566886843,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":667,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481610583787,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481610583787,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":667,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481610583787,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481554000304,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":638,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481610583787,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481600857527,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":667,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481610583787,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481609282290,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":667,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481610583787,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481634877542,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481635667039,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481578359315,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":667,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481635667039,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481635667039,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481635667039,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481626934336,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481670596940,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481670596940,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481670596940,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481614035985,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":667,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481670596940,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481660882118,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481670596940,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481669282601,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481670596940,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":196,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481693035410,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":725,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481695663961,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":196,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481638273453,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481695663961,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":196,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481695663961,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":725,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481695663961,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":200,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481686983953,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":725,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481730582944,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":200,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481730582944,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":725,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481730582944,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":200,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481674150577,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481730582944,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":200,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481720863467,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":725,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481730582944,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":200,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481729283165,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":725,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481730582944,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":204,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481753082630,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":754,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481755671988,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":204,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481698305739,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":725,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481755671988,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":204,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481755671988,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":754,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481755671988,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":207,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481746954460,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":754,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481789283206,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":207,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481730582944,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":725,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481789283206,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":207,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481734031956,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":725,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481789283206,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":207,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481780884428,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":754,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481789283206,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":207,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481789283206,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":754,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481789283206,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":212,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481813094983,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481815778239,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":212,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481758346711,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":754,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481815778239,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":212,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481815778239,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481815778239,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":216,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481806982557,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481850601390,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":216,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481850601390,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481850601390,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":216,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481794002011,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":754,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481850601390,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":216,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481840902325,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481850601390,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":216,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481849283492,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481850601390,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":220,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481873097495,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481875660246,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":220,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481818354401,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481875660246,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":220,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481875660246,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481875660246,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":224,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481867003493,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481910684034,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":224,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481910684034,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481910684034,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":224,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481854069548,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":783,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481910684034,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":224,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481900878031,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481910684034,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":224,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481909285191,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481910684034,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":228,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481933143245,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481935667062,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":228,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481878344587,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481935667062,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":228,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481935667062,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481935667062,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":232,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481927061783,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481970672790,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":232,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671481970672790,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481970672790,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":232,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481914081025,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":812,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481970672790,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":232,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481960883218,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481970672790,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":232,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481969278979,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481970672790,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":236,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481993122731,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481995660783,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":236,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481938349601,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481995660783,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":236,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481995660783,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481995660783,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671481987002803,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671482030718391,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481974156304,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671482020847120,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671482029297368,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"tplink_shp.pcap","alias":"nDPId-test","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":6960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":233,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":294,"global_ts_usec":1671482047021959}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671482053161546,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481998330813,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671482055666013,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":248,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671482047021959,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482090672452,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":248,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671482090672452,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482090672452,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":248,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671482034164543,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482090672452,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":248,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671482080865704,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482090672452,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":248,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671482089288803,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482090672452,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+02260{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":249,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671482107022461,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482107022461,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59941020,"avg":60014252.0,"max":60058740,"stddev":28832.0,"var":831283968.0,"ent":5.0,"data": [59981502,60026902,60033545,60025983,60019439,60029060,60007918,59960596,60018542,60041575,60007787,60058740,60009897,59988150,60032816,60027954,59999029,60019785,59971862,60037098,60038357,59969686,60047493,60049617,59970507,60028097,60020936,60058290,59941020,60019156,60000502]},"pktlen": {"min":57,"avg":57.0,"max":57,"stddev":0.0,"var":0.0,"ent":5.0,"data": [57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57]},"bins": {"c_to_s": [32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971,4.992990971]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+02264{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":250,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671482113211224,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482113211224,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":58157868,"avg":60014356.0,"max":62682126,"stddev":761550.5,"var":579959128064.0,"ent":5.0,"data": [60006889,59992234,59988113,60055878,62042393,58480216,59528957,59979179,60022444,59995841,60040145,60020835,60008844,60011011,60032284,59945925,60060707,59962350,60043922,60010468,60018299,62682126,59182323,58157868,60047220,60012353,60002512,60045750,59979486,60038815,60049678]},"pktlen": {"min":57,"avg":57.0,"max":57,"stddev":0.0,"var":0.0,"ent":5.0,"data": [57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57]},"bins": {"c_to_s": [32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556,5.028078556]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+02261{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":251,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671482115665844,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59882007,"avg":60000068.0,"max":60106251,"stddev":33292.3,"var":1108378624.0,"ent":5.0,"data": [59993154,60020440,59990979,59994518,60003706,60005058,59991379,60018870,59983291,60003671,59994527,59997085,60003675,59991507,60013334,59999380,60003136,59995803,59988169,60000198,60004205,60003135,60004033,59996922,60008027,60106251,59882007,60006816,59993721,60005230,59999831]},"pktlen": {"min":57,"avg":57.0,"max":57,"stddev":0.0,"var":0.0,"ent":5.0,"data": [57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57,57]},"bins": {"c_to_s": [32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.159829617,5.194917202,5.194917202,5.194917679,5.159829617,5.194917679,5.194917679,5.194917679,5.194917679,5.091405869,5.159829140,5.159829140,5.194917202,5.194917679,5.194917679,5.194917679,5.146585464,5.124742031,5.159829140,5.159829617,5.159829617,5.146585464,5.194917679,5.194917202,5.194917679,5.159829617,5.194917202,5.194917202,5.124741554,5.159829617,5.194917679,5.194917202]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671482089288803,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671482080865704,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671482115665844,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671482094208189,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480290288997,"flow_src_last_pkt_time":1671482090672452,"flow_dst_last_pkt_time":1671480290288997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.32","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671482058418105,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671482113211224,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671482107022461,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":251,"source":"tplink_shp.pcap","alias":"nDPId-test","packets-captured":251,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":7279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":241,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":314,"global_ts_usec":1671482115665844}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 251/251
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 7279 bytes
+~~ total detected protocols..: 8
+~~ total active/idle flows...: 8/8
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 6436362 bytes
+~~ total memory freed........: 6436362 bytes
+~~ total allocations/frees...: 122766/122766
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 495 chars
+~~ json string max len.......: 2269 chars
+~~ json string avg len.......: 1381 chars
diff --git a/test/results/trickbot.pcap.out b/test/results/trickbot.pcap.out
index 741644c43..b750e6405 100644
--- a/test/results/trickbot.pcap.out
+++ b/test/results/trickbot.pcap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414127 bytes
-~~ total memory freed........: 6414127 bytes
-~~ total allocations/frees...: 122517/122517
+~~ total memory allocated....: 6419038 bytes
+~~ total memory freed........: 6419038 bytes
+~~ total allocations/frees...: 122528/122528
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2506 chars
diff --git a/test/results/tumblr.pcap.out b/test/results/tumblr.pcap.out
index 90e3c6748..31d7041c9 100644
--- a/test/results/tumblr.pcap.out
+++ b/test/results/tumblr.pcap.out
@@ -33,304 +33,303 @@
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1605292104650967,"flow_dst_last_pkt_time":1605292104650967,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292104650967,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoWdXXNVgBAB9YSyAAABAQgKTYTpp8Lc6wE="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1605292104650967,"flow_dst_last_pkt_time":1605292104716333,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292104716333,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dc1X\/jEKGgBAMSBTRAAABAQgKwt2b\/U1+nj4="}
 02141{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":57,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292103810303,"flow_src_last_pkt_time":1605292105112205,"flow_dst_last_pkt_time":1605292105112063,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":382,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":607,"flow_dst_tot_l4_payload_len":11474,"midstream":1,"thread_ts_usec":1605292105112205,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":83989.1,"max":700859,"stddev":188930.8,"var":35694845952.0,"ent":2.6,"data": [870,91738,194148,2,1,2772,104383,700859,700827,1324,5830,44963,352,357119,395282,1534,2,2,1,1,1,1,2,1529,39,13,18,11,13,13,12]},"pktlen": {"min":72,"avg":449.5,"max":1472,"stddev":576.4,"var":332266.9,"ent":4.0,"data": [454,111,111,72,72,72,111,72,944,72,107,184,72,72,1460,72,84,1472,1472,1472,1472,835,1472,1472,72,72,72,72,72,72,72,72]},"bins": {"c_to_s": [11,3,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0]},"directions": [0,0,0,1,1,1,1,0,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0],"entropies": [7.475968361,5.973469734,5.991487980,5.083631992,5.055854321,5.055854321,5.836178780,5.218127251,7.768151760,5.245904922,5.915576458,6.683409691,5.034884930,5.073147297,7.871325970,5.162571907,5.437397003,7.868166924,7.884456158,7.861326694,7.846504688,7.733069897,7.846429825,7.853037357,5.218127251,5.218127251,5.218127251,5.218127251,5.218127251,5.190349579,5.245904922,5.190349579]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292105170049,"flow_dst_last_pkt_time":1605292105170049,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105170049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105170049,"flow_dst_last_pkt_time":1605292105170049,"flow_idle_time":3285032704,"pkt_caplen":246,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":246,"pkt_l4_len":192,"thread_ts_usec":1605292105170049,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHAMAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/HZTRuvUgBgSELhfAAABAQgKdG+lysLdLW8XAwMAm7+VUv5v3n1cEKhvA7Obmk7hW69laavu9OZNOdP5v2aiE9LYEKQeHffn7vm6VstuW5LB+GPd1bdCCYxPrQ8cpXXvSrRBde7Ubgvulsw\/eGF6vJKgoYXL5h04lY18ojPm\/cV9tUPretg64t\/hG52\/jXKkQ9+5e1GR1KuJgn1MWQ\/97vN82J\/Jt388ivkqQMfP0T\/jvMqs33Elwytq"}
-00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292105170049,"flow_dst_last_pkt_time":1605292105170049,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105170049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105170518,"flow_dst_last_pkt_time":1605292105170049,"flow_idle_time":3285032704,"pkt_caplen":237,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":237,"pkt_l4_len":183,"thread_ts_usec":1605292105170518,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHALcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/RZTRuvUgBgSEKKhAAABAQgKdG+ly8LdLW8XAwMAazorJ+v8Qql\/1vWfAai2gkZCI3DTL5oADrcU2MSE9kWZdYS8Jqpk4fHfL5KS3jLCf57oTjL53SDsaGk+gIvtoan6S0MuUK39MyCSYP90lEM7cfvMMDv9MYZwBU7ADMu7jSPLRoIxvW6l0Cl8FwMDACLudklu9KmRe2M4B\/MpTRVuBpiUQvjz3VbQML7h4xLHHM4W"}
-00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292105171046,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105171046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105171046,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1605292105171046,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAJAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxfpsKg54gBgd\/fuUAAABAQgKdG+ly8LdWR0XAwMAa1HIP\/vnAAogIw4J2B2TkEHONIFMeD5XyAVKi4Q2Vue2Mstte\/aj9aBEGnaC\/XLTSleNDPxB5FKFlYuKlZTTvSjcjRkZVdPHhikw9Xf3PTuX4sNc4A4aMrxDB+2xDdlSgUdvbOv4DPatYzp8"}
-00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292105171046,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105171046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105171411,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_usec":1605292105171411,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxmpsKg54gBgd\/YTsAAABAQgKdG+lzMLdWR0XAwMAIlHp65gwK7PBPS\/ZXxVrtwWRv5u\/D1Oka\/7+0BiFD1N3mso="}
-00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105176233,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_usec":1605292105176233,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAI8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxpFsKg54gBgd\/f4EAAABAQgKdG+l0cLdWR0XAwMAau+1WhRe96DKEz4O2DiVS\/91xsnWseh+6lrx3LgaqNmDXwRm1lqF7AcLtXkaV8D99qMpoGwTJnk5i4\/A5jdKnihSC+92twzKrr9YRFj27xUmeqz0tGED25O9+HkuuOkV2W5IN6Z8o+lbpTM="}
-00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105176588,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1605292105176588,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAIQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxwBsKg54gBgd\/ayxAAABAQgKdG+l0cLdWR0XAwMAX\/Yd2tE30yITdLVScy1FaO070XnDZMR6GJiZVqwat++QvYX+J9OjAkXIuTA6eA+46mRMhtiJSnHUHMZJ232U\/skK8H88Oqka3BXGyUundCVpL+UIL2bs9pZSC7nGsqsQ"}
-00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105170518,"flow_dst_last_pkt_time":1605292105195930,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105195930,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av0WgBAMvoDtAAABAQgKwt2d3XRvpco="}
-00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105170518,"flow_dst_last_pkt_time":1605292105197034,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105197034,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av2tgBAM0YBAAAABAQgKwt2d33Rvpcs="}
-00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105197307,"flow_dst_last_pkt_time":1605292105197307,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105197307,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105197307,"flow_dst_last_pkt_time":1605292105197307,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105197307,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OYAAAAAoAL9IHL6AAACBAWgBAIIClFT82IAAAAAAQMDBw=="}
-00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105176588,"flow_dst_last_pkt_time":1605292105198295,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105198295,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupqmwqDngMp8ZqgBAMGKRpAAABAQgKwt2d4HRvpcs="}
-01648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105170518,"flow_dst_last_pkt_time":1605292105207637,"flow_idle_time":3285032704,"pkt_caplen":905,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":905,"pkt_l4_len":851,"thread_ts_usec":1605292105207637,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAA1MGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av2tgBgM0YCjAAABAQgKwt2d6XRvpcsXAwMDLk55JOtZHA9hFHC78RI\/6e4ADB70IziFTQtGRHuZOB0Det1Gfpuft9GB7WaB\/JvqxR3SpKpzI6IovCQJLnjW6Oy\/OVDRXZI+e1rsJ8xfCThAbrJKx8Z15+Ia9oQzbu9EMZ0aYGCodHGAKw6pER63UCuT\/HYtD1XN\/5P\/Qzud7VlDejV3giiLk7W99OwzQblzqqj7ozuOqrD2SxgCZBf7HcZDudBGUcgAGwhEd9WMZdEgXbQ\/VW2KsZkhuY\/mVWcws+Vytyn8SAmTihZ+ff\/lJPo6oXZwRGaEh6o+KhaA3xJd2B6jIEjEPK5Rim+Un69wF1z9NGTGA5jCD+4W0q0Dzc5CapBVF2AAJvA\/g\/6zeakoP08VCHX8ZeoWP0WDfENHfUZJSZAgtNWgUeaCFnFsTt6Z5PwGrmG0wqzGna3kLJ9lWJVSL2U3hBlttYbkdGT+ykdlFT\/CBlGUrtBs3BhUCyEWZyHMaaygWYAd7o3x36cLHt96siT1UpRFrfmRA8lD1S\/1zOiS7bUnUdxA4PU9scKdOoSnQL6h+jvK9CIf9Xx0Orm9zi\/fIq5wk4lP511YgHEzPejRKOAGSFyOndq1A5UTYe6vTNcm1JhsK7\/Btozh9BD9mJ1cVKKsk3D8KDHlVMMmOU2glzIf45AQbPPCS+l8SPAxNZGaU0heIJpra09J0uwa4u0oEFQ3WnBIXvvy2XQPuUoJx4I8lS997QBWkiifSKFrcJo1AnvmpbiRyE8TVySJhw56uxcbzPvN42iHQsKs1bvcDLeXlq4E4RlE4Gbqn8dCnpuBq8l5jE9iwG+\/4tYa6OBDish6+E3pPO1UKOz+HMsqo8OvufrMBdU\/RWZ335P92R9wvAR15HHWR34tjc4dgay6sUSJQJTVeFYBlaE7b\/Y75KIip1JHxsz0ODtpgK7u0USYP5Qk6mbnn4IILzx6IlD0ZO5GajcbIJ5pfiVppgZlspWoK9C9ZYd3rhaJWhB5BXISeiOsbvqvND0c2W971Ppgw71jmnnCf3SgD3E\/AF+tZcYKSIroiukrXXZhmWqE+HUuGWvjHhdrO+gjdKPk5y9RuYA5SqcU0dw="}
-01953{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292105221617,"flow_dst_last_pkt_time":1605292105221612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":311,"flow_dst_tot_l4_payload_len":12058,"midstream":1,"thread_ts_usec":1605292105221617,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":3326.8,"max":37135,"stddev":8084.0,"var":65351828.0,"ent":2.7,"data": [469,25881,1104,10603,37135,1897,1,1911,13,717,678,9927,9935,107,1,101,8,237,229,116,116,308,309,92,91,472,1,479,15,99,79]},"pktlen": {"min":72,"avg":458.5,"max":1472,"stddev":599.1,"var":358951.0,"ent":3.9,"data": [232,223,72,72,891,72,111,1460,72,72,84,72,1472,72,1472,1460,72,72,84,72,1472,72,1472,72,1460,72,84,1460,72,72,84,72]},"bins": {"c_to_s": [14,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,0,1,1,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0],"entropies": [6.975117207,6.780508041,5.008678436,4.980900764,7.727560043,5.257209778,5.876837730,7.865436077,5.284987926,5.284987926,5.396960735,5.284987926,7.861420155,5.257210255,7.855777740,7.835244179,5.201654911,5.257210255,5.387974262,5.257210255,7.869387627,5.229432106,7.851236820,5.229432583,7.862463474,5.201654911,5.316545486,7.846337318,5.257210255,5.284987926,5.396960735,5.284987926]}}
-00943{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292105221617,"flow_dst_last_pkt_time":1605292105221612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":311,"flow_dst_tot_l4_payload_len":12058,"midstream":1,"thread_ts_usec":1605292105221617,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105197307,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105230486,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl2n7vTnoBJXgHalAAACBAV4AQMDAwQCCArC3Z3zUVPzYg=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105230554,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105230554,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBAB+\/qVAAABAQgKUVPzg8LdnfM="}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292105231042,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaAiUGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBgB++4yAAABAQgKUVPzg8LdnfMWAwECAAEAAfwDAwsTuD27e9O7zSR9QGg\/BjcA3VInM4oSJon9YBOCv5++IFdStpb+CkXQy2c2uOI7+AVrIzBfj1oZ8gAG3CYIQoMEACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUY29uc2VudC5jbXAub2F0aC5jb20AFwAA\/wEAAQAACgAKAAja2gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKdraAAEAAB0AIDYvcGjd9fK5d+Sh8kpRELYm8anOzkwuInZrhF5dnrEgAC0AAgEBACsACwp6egMEAwMDAgMBABsAAwIAAjo6AAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105231042,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01962{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292105231565,"flow_dst_last_pkt_time":1605292105231522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":16800,"midstream":1,"thread_ts_usec":1605292105231565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":3903.1,"max":45055,"stddev":9416.3,"var":88667112.0,"ent":2.8,"data": [365,4822,355,27249,2992,337,2701,17288,45055,519,518,603,1,579,9,7282,1,7292,34,289,2,248,25,174,1,157,27,1036,1,1005,28]},"pktlen": {"min":72,"avg":608.3,"max":1472,"stddev":669.7,"var":448506.0,"ent":4.1,"data": [184,111,183,172,72,72,72,72,1472,72,1472,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72]},"bins": {"c_to_s": [12,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0]},"directions": [0,0,0,0,1,1,1,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [6.587406158,5.914531231,6.603403568,6.519369125,4.980900764,4.980900764,4.894209862,4.980900764,7.851428509,5.118321419,7.864492416,5.118321419,7.853987694,7.848294735,5.062766075,5.080059052,7.860019684,7.828007221,5.118321419,5.118321419,7.856985092,7.866126060,5.118321419,5.080059052,7.856244087,7.840456009,5.146099091,5.080059052,7.871989727,7.857123375,5.118321419,5.118321419]}}
-00943{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292105231565,"flow_dst_last_pkt_time":1605292105231522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":16800,"midstream":1,"thread_ts_usec":1605292105231565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105274861,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105274861,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105274861,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105274861,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZYAAAAAoAL9IG8jAAACBAWgBAIIClFT868AAAAAAQMDBw=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105278180,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105278180,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl6n7vbsgBALMO8iAAABAQgKwt2eLFFT84M="}
-01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":369,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105278180,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105278180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105299371,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvZrixr2XoBJXgG87AAACBAV4AQMDAwQCCArC3Z5DUVPzrw=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105299399,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105299399,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBAB+\/MzAAABAQgKUVPzyMLdnkM="}
-01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105299606,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292105299606,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5AiUGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBgB+x+BAAABAQgKUVPzyMLdnkMWAwECAAEAAfwDAy8GqoFoWkNyI7mYtVTa5cXzmnUMn\/AW4e4uQZtHexViIHBqihZlPQxi4\/Swmz8DIl9f5mkTuI3AenD0Ehe9UmbOACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGQAXAAAUY29uc2VudC5jbXAub2F0aC5jb20AFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIBw5Ol89JTdAu7B94JP0srEvQLd+Q79aN+DwFdZiG4R\/AC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAhoaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105299606,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105299606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105322435,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105322435,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGv5yG572bgBEB+\/EWAAABAQgKUVPz38LdnkM="}
-01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105322435,"flow_dst_last_pkt_time":1605292105340527,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105340527,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02153{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":411,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105347875,"flow_dst_last_pkt_time":1605292105347850,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1519,"flow_dst_tot_l4_payload_len":5784,"midstream":0,"thread_ts_usec":1605292105347875,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9713.3,"max":47694,"stddev":16101.6,"var":259260704.0,"ent":3.2,"data": [33179,33247,488,47694,0,47160,1225,37725,2106,0,0,38598,23,3,754,718,796,796,2589,248,171,60,26260,592,1,74,1362,0,0,25234,8]},"pktlen": {"min":72,"avg":300.7,"max":1280,"stddev":381.9,"var":145812.8,"ent":4.1,"data": [80,80,72,589,72,171,72,595,72,1280,1280,1280,72,72,72,544,72,1055,72,146,164,329,128,72,72,72,72,327,327,168,72,72]},"bins": {"c_to_s": [10,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,2,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0],"entropies": [5.295193195,5.637294769,5.563652992,4.598795891,5.459350586,6.223492146,5.497612953,5.044443607,5.487128258,7.814322472,7.863967419,7.842244625,5.591430664,5.503256798,5.563652992,7.612953186,5.591430664,7.763548851,5.563652992,6.558448792,6.685117722,7.291459560,6.278277397,5.487128258,5.487128258,5.431572914,5.487128258,7.317289352,7.268368721,6.510692596,5.591430664,5.563652992]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105418417,"flow_dst_last_pkt_time":1605292105418417,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105418417,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105418417,"flow_dst_last_pkt_time":1605292105418417,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105418417,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3sAAAAAoAL9IOHqAAACBAWgBAIIChNm5EYAAAAAAQMDBw=="}
-00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105433892,"flow_dst_last_pkt_time":1605292105433892,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105433892,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105433892,"flow_dst_last_pkt_time":1605292105433892,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105433892,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACgGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5MAAAAAoAL9IMKvAAACBAWgBAIICr4D0hAAAAAAAQMDBw=="}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105418417,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105447883,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou0O5ht8oBJXgIDEAAACBAV4AQMDAwQCCArC3Z7YE2bkRg=="}
-00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105447904,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105447904,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBAB+wS5AAABAQgKE2bkY8Ldntg="}
-01371{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":3285032704,"pkt_caplen":706,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":706,"pkt_l4_len":652,"thread_ts_usec":1605292105448108,"pkt":"qtsDr8lk5EKm5WPyht1gDBurAowGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBgB+4JWAAABAQgKE2bkZMLdntgWAwECZwEAAmMDA01hkKus+MkqaNZ11u\/JhpX8opi+Paz\/2culjqS\/fRVYIMdAvSOkLp4IegED4alflZbkeoPKAFn+1vm3NO5kGg0FACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAfqamgAAAAAAHQAbAAAYc2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACAZgcv6djgDbSXoFxR2Bhsr1SLhgniKBtXtlIDDETXMCAAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAAIKCgABAAApASsA9gDwAAAiIJslU1lFpjTpi3lmNam9hQpY2hMMKuXsZwFntxH9VeeCDjG5ZumnFfjZUDtOBPLSzw4R57\/QCBI18BwcPm48mrUGyW53Ub1R1QzZAjB7iAKV4vFIwFfFqvyyzCt+XQCHUSkW6UYjU9HW8UHVOSLv+gTEZIbkGDOYtPsq7YccVngTZL3n3IHqwmTgcbP5ueNH8XOZq7\/Y1OeX7Wx9xVtrBDjNMgQxbOzaBnVFB93EKDMM4PQzj6qYiuKetEAoBMozzmixqRKxA5zUbOA5h0RPxge6RCPaz+BuJE3Cm\/zM5MOERtu8U1IsclnN2s3hdk+igAAxMH67OIYeJEbtrgELqGnjRFz2Dy5CExYP6mmzTrMo8NEajMnamg6uhqcAqBJ0WIxFJA=="}
-01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105448108,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105433892,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105459292,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a1gJBeUoBJXgDGmAAACBAV4AQMDAwQCCArC3Z7jvgPSEA=="}
-00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105459314,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105459314,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACAGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBAB+7WdAAABAQgKvgPSKsLdnuM="}
-01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292105459543,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCAiUGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBgB+\/IDAAABAQgKvgPSKsLdnuMWAwECAAEAAfwDA0SwrBQ+d5serlsxTSylSCJ2cOl7xaFhVNFnNENmyXzLII1+rGz9ESjQv1hbMrYHKnzgyMTJu0Ir\/kwfyDkc\/1pDACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGgAYAAAVY29va2lleC5uZ2QueWFob28uY29tABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACA9g892NhkW61BobOu+QMSd1m\/f0wlw8Wps+OIILfVOLAAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAALq6gABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105459543,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","proto_id":"91.70","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cookiex.ngd.yahoo.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105485825,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105485825,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou4O5h3ogBALPfjjAAABAQgKwt2e\/hNm5GQ="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105492745,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105492745,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a5gJBmZgBALMKpAAAABAQgKwt2fBr4D0io="}
-01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":442,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105494854,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":270,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":270,"midstream":0,"thread_ts_usec":1605292105494854,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105669051,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105669051,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105669051,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"thread_ts_usec":1605292105669051,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAJgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOk4W2C\/9gBhA0URlAAABAQgKBcmbq8LdLRcXAwMAcysuUqnNdP5CtlTC2pWvfZyUMV8UFocs8M6W09NnsspPibPhqobMFIm1f0B4kk13U59rzTyXjGQM3JpbSJkQg4GGmBSNMo7KgMloXnt3GygjcT75OOC0YPo3\/MFdKUwkpDu47ubalsF7IwgRDAn\/l0DFoLo="}
-00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105669051,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105669051,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105669426,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_usec":1605292105669426,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOsYW2C\/9gBhA0ehRAAABAQgKBcmbrMLdLRcXAwMAIgQb59HIMHYAgoaCAJqbMMjq72ntBt\/\/eGErLyXH34Iczsk="}
-00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105669518,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"pkt_caplen":215,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":215,"pkt_l4_len":161,"thread_ts_usec":1605292105669518,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAKEGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOu0W2C\/9gBhA0aEtAAABAQgKBcmbrMLdLRcXAwMAfBkhBkIFqMuMKjD1\/xjqGp2hEKMP3ziLomYjJXbyDDBzMNKC8MmFqfqAj9+xvxfAO7rBldu4UpazYVXmg399TnFcypI7qckvMpQyy6kehQ5F75J5BlTYjgokme9I6h8+9mS8Y6D2WQEp5qh0Ix9\/vReZo1xT0xocl8k7wFQ="}
-00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105669903,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"pkt_caplen":216,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":216,"pkt_l4_len":162,"thread_ts_usec":1605292105669903,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAKIGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKO24W2C\/9gBhA0ZDEAAABAQgKBcmbrMLdLRcXAwMAfZb\/Q0UxJt3wR3GrF9wc05LB8qT7ZkR+HCn\/iqj2sc401jsGKy+hB2hQCcm\/k7qaMetiTYenENk+ACLo1f2YKjGXVQetGP63wKEr42K8k6tUqE9pBZIE6wew5q00rKis7dRbFMMi3Xwnl\/etAScMk4PwcPmhI80uNbHMV+Kj"}
-00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105670139,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"pkt_caplen":157,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":157,"pkt_l4_len":103,"thread_ts_usec":1605292105670139,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAGcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKO\/AW2C\/9gBhA0UbJAAABAQgKBcmbrcLdLRcXAwMAQrLK9m5yPUYZr\/Ss7uS7ctPQk7DORD1YOYAxKYpWRXgQ31nGrlNl9GZg3NHqc299aEIRfgvacsXASirCF1SyoYgbpg=="}
-01954{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105720296,"flow_dst_last_pkt_time":1605292105720289,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":525,"flow_dst_tot_l4_payload_len":11113,"midstream":1,"thread_ts_usec":1605292105720296,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":3305.9,"max":36646,"stddev":8575.8,"var":73544632.0,"ent":2.4,"data": [375,92,385,236,26419,36646,2159,0,376,0,10012,21697,203,197,169,221,0,406,8,175,469,1,0,620,51,101,150,197,535,21,562]},"pktlen": {"min":72,"avg":435.7,"max":1472,"stddev":586.0,"var":343353.7,"ent":3.9,"data": [192,111,201,202,143,108,72,72,72,72,72,1472,72,1472,72,1460,84,1472,72,72,1460,84,1327,103,72,72,111,1460,72,84,1460,72]},"bins": {"c_to_s": [8,2,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,0,0,0,0]},"directions": [0,0,0,0,0,0,1,1,1,1,1,1,0,1,0,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0],"entropies": [6.771437645,5.700867176,6.623061657,6.706957817,6.270517826,5.792555332,5.008678436,5.036456108,5.008678436,5.036456108,5.008678436,7.827867985,5.069574833,7.856517315,5.080059528,7.842531681,5.292736530,7.873940468,5.069574833,5.034988403,7.877679825,5.307831764,7.852031708,5.639400959,5.146099567,5.090544224,5.719091892,7.856316566,5.118321896,5.301723003,7.853841305,5.090544224]}}
-00944{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105720296,"flow_dst_last_pkt_time":1605292105720289,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":525,"flow_dst_tot_l4_payload_len":11113,"midstream":1,"thread_ts_usec":1605292105720296,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105726518,"flow_src_last_pkt_time":1605292105726518,"flow_dst_last_pkt_time":1605292105726518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105726518,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105726518,"flow_dst_last_pkt_time":1605292105726518,"flow_idle_time":3285032704,"pkt_caplen":213,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":213,"pkt_l4_len":159,"thread_ts_usec":1605292105726518,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAJ8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npntnZTJergBgB9damAAABAQgKLIniTsLdLfkXAwMAepLzP8oRHbXAD5D56fW\/ezxXNRxKdaqM6BwQpjw0zyORx06Rl8gHWinoWY19NxmIXl2owLgVHJ\/UEVkHmda\/PMinu6FgCqLeUi5RUsVJaGqL1ulKRH6Mi5nxYau2z9M9f+jUaBIVXH47AOoxy+jPs5YTh+8Es3OdfTIr"}
-00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105726518,"flow_src_last_pkt_time":1605292105726518,"flow_dst_last_pkt_time":1605292105726518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105726518,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105726518,"flow_idle_time":3285032704,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_usec":1605292105726719,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npn1jZTJergBgB9c+fAAABAQgKLIniTsLdLfkXAwMAInb0OIEXDizCLxamWTiLwYinYzi396zhkwGnl1I5tNs4gXU="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105774640,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105774640,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9YgBALghHTAAABAQgKwt2gFiyJ4k4="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105774928,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105774928,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9\/gBALhxGlAAABAQgKwt2gGCyJ4k4="}
-01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":574,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105774928,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605292105774928,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","proto_id":"91.70","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cookiex.ngd.yahoo.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105789000,"flow_idle_time":3285032704,"pkt_caplen":205,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":205,"pkt_l4_len":151,"thread_ts_usec":1605292105789000,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAJcGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9\/gBgLh4oBAAABAQgKwt2gIiyJ4k4XAwMAcvJ676RsxXZ5oBs6OGzQqykqUEr3Z5TFSkZKsLr3jmM2YiVsojp\/iKfkn4WsVwk6xE+3pYlY7baFutWk3YOJdUe42QIFmRoIaWPZHUxxJ72tc0a\/9w3XW4cb6EZieEibCx4fYcBpRjmfe8aHsBh0yypXqQ=="}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292108746966,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108746966,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292108746966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108746966,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108746966,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3wyDoZi2igBBBsd06AAABAQgKqXtZHsLc+wU="}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2778,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292108746999,"flow_src_last_pkt_time":1605292108746999,"flow_dst_last_pkt_time":1605292108746999,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292108746999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1605292108746999,"flow_dst_last_pkt_time":1605292108746999,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108746999,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwVJeVyjqfgBBI2yKLAAABAQgKqXtZHsLc+ww="}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2779,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292108747008,"flow_src_last_pkt_time":1605292108747008,"flow_dst_last_pkt_time":1605292108747008,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292108747008,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2779,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1605292108747008,"flow_dst_last_pkt_time":1605292108747008,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108747008,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3N5hBwa5pgBAB9TOKAAABAQgKqXtZHsLc+w0="}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2780,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292108747015,"flow_src_last_pkt_time":1605292108747015,"flow_dst_last_pkt_time":1605292108747015,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292108747015,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2780,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1605292108747015,"flow_dst_last_pkt_time":1605292108747015,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108747015,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOpKNiTUmPgBAFOCVEAAABAQgKqXtZHsLc+ww="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2790,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108789015,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108789015,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBuhmLaKJd8MhgBAN560UAAABAQgKwt2r5al1DDM="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2796,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1605292108746999,"flow_dst_last_pkt_time":1605292108796001,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108796001,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JXKOp\/xMFSYgBAPnfW6AAABAQgKwt2r7Kl1DlE="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2797,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1605292108747008,"flow_dst_last_pkt_time":1605292108796448,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108796448,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBrmkkNzeZgBALy8PxAAABAQgKwt2r7al1DgU="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1605292108747015,"flow_dst_last_pkt_time":1605292108805587,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108805587,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJNSY8GjqSkgBAMILKCAAABAQgKwt2r9ql1FBI="}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2839,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292108895208,"flow_dst_last_pkt_time":1605292108895208,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292108895208,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1605292108895208,"flow_dst_last_pkt_time":1605292108895208,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292108895208,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1IAAAAAoAL9IHkiAAACBAWgBAIICgXJqEYAAAAAAQMDBw=="}
-00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2848,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1605292108895208,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292108917845,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUV6pXdToBJXgDxxAAACBAV4AQMDAwQCCArC3axnBcmoRg=="}
-00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2849,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1605292108917920,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108917920,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBAB+8BsAAABAQgKBcmoXMLdrGc="}
-01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2850,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292108918360,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBgB+1S7AAABAQgKBcmoXcLdrGcWAwECAAEAAfwDAwjhV3OqKqFQfpcnWP89rtumm\/UccggvWkyi\/8FQZPWxIDvu3xcXjzuK8OGeiJCkn4luO5ref2KxaCnpVBkTuZCrACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAGAAWAAATNjQubWVkaWEudHVtYmxyLmNvbQAXAAD\/AQABAAAKAAoACFpaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAgZaSQBi71IH\/A5WZQ4IeqmtWtcLONPQZBNc11j5iQXXAALQACAQEAKwALChoaAwQDAwMCAwEAGwADAgACuroAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2850,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292108918360,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"64.media.tumblr.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2860,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108948507,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108948507,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUZ6pXlYgBALMLUWAAABAQgKwt2sggXJqF0="}
-01256{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2953,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108973288,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1605292108973288,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"64.media.tumblr.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02146{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3670,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292109072597,"flow_dst_last_pkt_time":1605292109072571,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1335,"flow_dst_tot_l4_payload_len":7988,"midstream":0,"thread_ts_usec":1605292109072597,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11443.6,"max":70171,"stddev":19863.6,"var":394563968.0,"ent":3.1,"data": [22637,22712,440,30662,24781,0,1,1,54941,10,7,4,36,7,1509,240,132,59732,70171,1,0,28567,37136,504,0,1,0,1,500,15,4]},"pktlen": {"min":72,"avg":363.8,"max":1472,"stddev":486.5,"var":236637.8,"ent":4.0,"data": [80,80,72,589,72,1472,1472,1368,1472,72,72,72,72,193,72,136,164,403,403,72,72,72,343,72,343,134,103,1472,408,72,72,72]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,1,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,4,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,1,0,1,1,1,1,1,0,0,0],"entropies": [4.750073910,5.171930313,5.147485733,4.504647255,5.036456108,7.837605953,7.857367039,7.841114044,7.873028755,5.147486210,5.119708538,5.175263882,5.147486210,6.592915535,5.147486210,5.952137947,6.489402294,7.443186283,7.431387901,5.036456108,4.980900764,5.008678436,7.119190693,5.175263882,7.234163284,6.096735001,5.624744892,7.869890213,7.348752975,5.175263882,5.175263882,5.175263882]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292114506948,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114506948,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292114506948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114506948,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292114506948,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iknWH70O\/fgBATex8tAAABAQgKqXtvnsLdEcs="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12580,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114736576,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292114736576,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvQ79+YpJ1igBBY1dkNAAABAQgKwt3C3al6v1A="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14179,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554831,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116554831,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554831,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14179,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116554831,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554831,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duJjvT55jAgBAB9d1JAAABAQgKVGZuDcLdE7E="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14180,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554865,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116554865,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554865,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14180,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116554865,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554865,"pkt":"qtsDr8lk5EKm5WPyht1gCRbVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADwVgBu1ozjhE9MAHmgBAB9RZAAAABAQgK5fXM6cLdEu0="}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14181,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554874,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116554874,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554874,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14181,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116554874,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554874,"pkt":"qtsDr8lk5EKm5WPyht1gA8lZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqlIBu\/+4ugmfFZgCgBAB9UmMAAABAQgKTADwSsLdGmw="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14182,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554881,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116554881,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554881,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14182,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116554881,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554881,"pkt":"qtsDr8lk5EKm5WPyht1gBu\/tACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACACjDQBuwRHeTthOU5lgBAB9RTKAAABAQgKi91SNsLdGI4="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14183,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554888,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116554888,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554888,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14183,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116554888,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554888,"pkt":"qtsDr8lk5EKm5WPyht1gAlISACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsooBu5EKNZ7ythfhgBAB9RDDAAABAQgKWJK\/EMLdGI8="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14184,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554906,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116554906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554906,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14184,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116554906,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554906,"pkt":"qtsDr8lk5EKm5WPyht1gBlBRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwTgBu2jzM2ULiifpgBAB9R7MAAABAQgK2Fskl8LdF\/4="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14185,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554924,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116554924,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554924,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14185,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116554924,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554924,"pkt":"qtsDr8lk5EKm5WPyht1gBTnWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwTYBuwdwDB5je19MgBAC+RdtAAABAQgK2Fskl8LdF9E="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14186,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554935,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116554935,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554935,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14186,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116554935,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554935,"pkt":"qtsDr8lk5EKm5WPyht1gCDsgACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAO4bwBu7dGlx3VVkGGgBAB9ZNXAAABAQgKuCcas8LdF48="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14187,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554946,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116554946,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554946,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14187,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116554946,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554946,"pkt":"qtsDr8lk5EKm5WPyht1gBC50ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADwYoBu\/frxKCU+7xigBACJCsCAAABAQgK5fXM6cLdFzo="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554955,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116554955,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116554955,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554955,"pkt":"qtsDr8lk5EKm5WPyht1gCjT0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADrIQBu3CsbiISBiplgBAJFEMHAAABAQgKZRk18sLdF+A="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14189,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554965,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116554965,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14189,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116554965,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554965,"pkt":"qtsDr8lk5EKm5WPyht1gB1DkACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PoBu5jg6U77lZSLgBAB9bFqAAABAQgKob1mQcLdFBA="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14190,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554976,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116554976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14190,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116554976,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554976,"pkt":"qtsDr8lk5EKm5WPyht1gCkAwACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PgBu6pVAe\/PmdazgBAB9nEsAAABAQgKob1mQcLdFA4="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14191,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554985,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116554985,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554985,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14191,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116554985,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554985,"pkt":"qtsDr8lk5EKm5WPyht1gCnAxACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PYBu2KmMmkBhhCygBAB9hx4AAABAQgKob1mQcLdFA8="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14192,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116783801,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783801,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPnmMC3biY8gBANvdD5AAABAQgKwt3K6VRlt1w="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14193,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116783930,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783930,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvBWD0wAeZaM44SgBAN0gneAAABAQgKwt3K8eX1FWk="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14194,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuyivK2F+GRCjWfgBAMggWaAAABAQgKwt3K8ViSDUk="}
-00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14195,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbuqUp8VmAL\/uLoKgBALilfCAAABAQgKwt3K8Ev+J\/w="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14196,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbuMNGE5TmUER3k8gBALhgqfAAABAQgKwt3K8YvcoGw="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14197,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBOAuKJ+lo8zNmgBALjxSdAAABAQgKwt3K8thacjc="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14198,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbushBIGKmVwrG4jgBANXT4sAAABAQgKwt3K8WUYg3I="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14199,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvBipT7vGL368ShgBALhSEJAAABAQgKwt3K8eX1Gck="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14200,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116783932,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783932,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk9gGGELJipjJqgBALQBJ2AAABAQgKwt3K8aG8sBY="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14201,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116783951,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783951,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk+M+Z1rOqVQHwgBALQGcqAAABAQgKwt3K8aG8sBU="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14202,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783952,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBNmN7X0wHcAwfgBALjg4+AAABAQgKwt3K8thacg8="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14203,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783952,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk+vuVlIuY4OlPgBALOKdvAAABAQgKwt3K8qG8sBY="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14204,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783952,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvhvNVWQYa3RpcegBALd4k3AAABAQgKwt3K8rgmZ+0="}
-00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23343,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292118602881,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118602881,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292118602881,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23343,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118602881,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292118602881,"pkt":"qtsDr8lk5EKm5WPyht1gAi73ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtWCxtoBu1KGqo810Lv\/gBAB9aO7AAABAQgKDow6U8LdGxc="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23344,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292118714869,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118714869,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292118714869,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23344,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118714869,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292118714869,"pkt":"qtsDr8lk5EKm5WPyht1gADFFACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAEv1wBu54AWFX+ZWnrgBAB9ax4AAABAQgKIY6128LdIt0="}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118777753,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292118777753,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg61YIqAcsBIEmLB5kd7IUo3\/YpAbvG2jXQu\/9ShqqQgBAMVq52AAABAQgKwt3S6w6JbWQ="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23346,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118786493,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292118786493,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbu\/XP5laeueAFhWgBALgb+AAAABAQgKwt3S8iGL6TM="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23347,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292119370851,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119370851,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292119370851,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23347,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119370851,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292119370851,"pkt":"qtsDr8lk5EKm5WPyht1gB9dmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAO4aoBuwkMYXdt3wkTgBAGDPrTAAABAQgKuCcls8LdJNk="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23348,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119458269,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292119458269,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvhqm3fCRMJDGF4gBAMQfSOAAABAQgKwt3Va7gmdTA="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23349,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292120654870,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120654870,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292120654870,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23349,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120654870,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120654870,"pkt":"qtsDr8lk5EKm5WPyht1gBWy\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAO4pQBuzf4sNBRRFrJgBAB9RDeAAABAQgKzK1LLsLdJJ0="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23350,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120654889,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292120654889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23350,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120654889,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120654889,"pkt":"qtsDr8lk5EKm5WPyht1gD6CDACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1uYBu2Ue7VYDxGJbgBAB9U4jAAABAQgKcJlSucLdI9M="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23351,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292120654893,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120654893,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292120654893,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23351,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120654893,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120654893,"pkt":"qtsDr8lk5EKm5WPyht1gCJJIACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAEv2oBu3NXQRgXN+V5gBAZpzN2AAABAQgKIY69b8LdKhI="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23359,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120839721,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120839721,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvilFFEWsk3+LDRgBALmwajAAABAQgKwt3a98yslWg="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23360,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120853149,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvW5gPEYltlHu1XgBALmkPeAAABAQgKwt3bBnCYnCU="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23362,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120853914,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120853914,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbu\/ahc35XlzV0EZgBAPBj1lAAABAQgKwt3bBiGODSw="}
-00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23415,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121486006,"flow_dst_last_pkt_time":1605292121486006,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292121486006,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23415,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1605292121486006,"flow_dst_last_pkt_time":1605292121486006,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292121486006,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+osAAAAAoAL9IJMMAAACBAWgBAIICpi1TMUAAAAAAQMDBw=="}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23416,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1605292121486006,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292121507427,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYUDXPqMoBJXgPvWAAACBAV4AQMDAwQCCArC3d2UmLVMxQ=="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23417,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1605292121507474,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121507474,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBAB+3\/SAAABAQgKmLVM28Ld3ZQ="}
-01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23418,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292121507997,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1AiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBgB+yW6AAABAQgKmLVM28Ld3ZQWAwECAAEAAfwDA9nSk2KeVcFHOIgIqlGvi0eycTTMQTOty0xI9t2BdS31IHNR5s\/xYMO8\/2mipv181fxQHxiQGiouoi3LhBjKSL1oACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUY2F0YXN0ZXJzLnR1bWJsci5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIObRVS3K9ld1BBlaeDdBVyGReJdkTjt6xYTnNvdI\/itGAC0AAgEBACsACwoqKgMEAwMDAgMBABsAAwIAAnp6AAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23418,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292121507997,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23419,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121536972,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121536972,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYYDXPyRgBALMHR7AAABAQgKwt3dsZi1TNs="}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292121674877,"flow_dst_last_pkt_time":1605292121674877,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292121674877,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1605292121674877,"flow_dst_last_pkt_time":1605292121674877,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121674877,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v36ZlfzugBAB9Zh5AAABAQgKG7m2dMLdLYw="}
-01302{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23421,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121697370,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1605292121697370,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-01571{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23427,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121697627,"flow_dst_last_pkt_time":1605292121698447,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5097,"midstream":0,"thread_ts_usec":1605292121698447,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","tls": {"version":"TLSv1.2","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}}}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1605292121674877,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121698552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgXAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvZCJmV\/O79d79\/gBALlo7gAAABAQgKwt3eUxu5BaQ="}
-01986{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":23448,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121915646,"flow_dst_last_pkt_time":1605292121915718,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1174,"flow_dst_tot_l4_payload_len":11033,"midstream":0,"thread_ts_usec":1605292121915718,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":27721.0,"max":189403,"stddev":49540.4,"var":2454247936.0,"ent":3.2,"data": [21421,21468,523,29545,160398,189403,235,0,213,14,842,826,3808,144,202,28681,1,1011,77988,2,103570,74,656,29813,79144,108203,110,95,435,441,86]},"pktlen": {"min":72,"avg":454.0,"max":1472,"stddev":568.3,"var":322990.4,"ent":4.0,"data": [80,80,72,589,72,1472,72,1472,1368,72,72,1073,72,157,163,523,72,72,72,338,142,72,72,102,72,1472,72,1472,72,1472,72,1472]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,6,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1],"entropies": [4.847575665,5.264388561,5.273682594,4.570615292,5.139187336,7.183391094,5.218127251,7.306411743,7.637944698,5.179864883,5.245904922,7.569734573,5.218127251,6.162980080,6.493566990,7.590200424,5.139187336,5.139187336,5.083631992,7.038479328,6.319642544,5.162571907,5.162571907,5.715408325,5.083631992,7.863587856,5.218127251,7.862967491,5.245904922,7.863145828,5.190349579,7.850796700]}}
-01575{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23448,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121915646,"flow_dst_last_pkt_time":1605292121915718,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1174,"flow_dst_tot_l4_payload_len":11033,"midstream":0,"thread_ts_usec":1605292121915718,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","tls": {"version":"TLSv1.2","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}}}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122064463,"flow_dst_last_pkt_time":1605292122064463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122064463,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122064463,"flow_dst_last_pkt_time":1605292122064463,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122064463,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGkAAAAAoAL9IOE8AAACBAWgBAIICthbOh0AAAAAAQMDBw=="}
-00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23633,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122076240,"flow_dst_last_pkt_time":1605292102602965,"flow_idle_time":3285032704,"pkt_caplen":172,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":172,"pkt_l4_len":118,"thread_ts_usec":1605292122076240,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAHYGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2Qd9sejoTgBgk6QsuAAABAQgKJEeQFMLc4vQXAwMAUQAAAAAAAAAPN+72C7wfHoQtmaJB3aOHKjPk6JlEWLNjF5TOq7HiJ1O2KSnCxtEIEQAeO4GmbeSTOkkpawAah7BKsajx09L6L57ZkTTcEWLCJA=="}
-00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23633,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292122076240,"flow_dst_last_pkt_time":1605292102602965,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122076240,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23634,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122076586,"flow_dst_last_pkt_time":1605292102602965,"flow_idle_time":3285032704,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_usec":1605292122076586,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAE4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2QjVsejoTgBgk6YPXAAABAQgKJEeQFMLc4vQXAwMAKQAAAAAAAAAQ4G\/3mQ3kGgQra1eBqPYCTvM1QPmaUoG2gBnwdZPdmFLU"}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23650,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122064463,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122094721,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5FAHmhqoBJXgI\/cAAACBAV4AQMDAwQCCArC3d\/Z2Fs6HQ=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23654,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122094761,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122094761,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBAB+xPQAAABAQgK2Fs6O8Ld39k="}
-01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292122094987,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBgB+5pFAAABAQgK2Fs6O8Ld39kWAwECAAEAAfwDA4SEFpd+Ui2RJOstUdyWPiOQJLso1+e8murU+rSUvScLIOxlBCWQSXeBEkOuoY9ArjNfnRtplIaJsV3gAzrnHWtBACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAFAASAAAPYXBpcy5nb29nbGUuY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACBB0ZlvhvxIZjessBrEqcEd8cKmBCymsB2\/FWOJUIU9TwAtAAIBAQArAAsK2toDBAMDAwIDAQAbAAMCAAKKigABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122094987,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122095843,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122095843,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122095843,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122095843,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5CzgAAAAAoAL9IPiAAAACBAWgBAIIChLBJ8gAAAAAAQMDBw=="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23818,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122076586,"flow_dst_last_pkt_time":1605292122116538,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122116538,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGx6OhMItkI1gBAMRA6zAAABAQgKwt3f5SRHkBQ="}
-01957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23819,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122076586,"flow_dst_last_pkt_time":1605292122116538,"flow_idle_time":3285032704,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"thread_ts_usec":1605292122116538,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGx6OhMItkI1gBgMRHzEAAABAQgKwt3f5iRHkBQXAwNAGJc9h3GYNRFQlTKtM7rxIBlCWvu2+kAtsSKUpPeQGC2f9G6Xq+yeDPU221fnjVpofZnbGWH209M5VFwfCbYBd\/Ug672I7YdgqPjdHdeHhsk5JO7a6ZKrKfKPrNR6YV7haA9UHN\/J20tM3dd1ztVqjpfbv0\/ZJmmisIhD21RHxC+bpnR9aUwAHNslPkgS258ZBH2f6TbIDYUZtSMnZWw3Yk\/ci8p72sljAny1A0bK6nTpcgQdrpz72F8pAQANc8+dtvsHTLhIpCvOc6Ne6kWtUKT7C\/mvdjTu5edIany0ejKotIFClcl4RxqARVu2X1rfTugLw5NDSe0wQ2nHTzTqPvaW7AfYVBRuhLTkXbNrJI65nxsqhUnfa60m3bgzF7vJcVGCZnpJafd9EdKxWUn3zIF9HNZPAaoWOVFHMyX9a+GRL3JsX2Y5BoTsGub9kof4cZv9bszWuQGQ32PqzX8tj0vwQgSS+\/6S++A\/fvGhO3z2O4J5JcExiBHL9NO41Ci77nPGUPc8rzROsKBv+iwjPxII7ZTo+HPy8VtcXYK9fMChuPeM2GJGvjtvuTXBXbAajdN99K6za2E83mXsUFa4zXbW8l6vvPf\/QtzoTU4L9xdK63gJGDxlquf0XuSzocIpEQi1F1Wer1yQa02YyM9dE5pCuSsEvLN9e3nWr+e5ts1swpdDA9qB0i7vopuVw7pVJRa\/5jtj10ogWPHGj2tvaRujTQeDciYar+lH9\/+jsk7PRHX+uIUqDDNJr9L4h4Y5HFaECy28OARK+N8iZPMvLjs+b2v9+1SVFwvOZk2keVzr60iLx9SAxK+qK3iQWWRvVmrjER7XMeaQBw9ZDHNiSeMtNeFfmRKRTQN09GNCR0gb6nnbLaowG55byyc9Ixf0CX1E+gt7yBldEZUUKfDlxtw+uLgeGUXqthxjdDzHmt05igu5OjLX1G4r5IZOVC4zPzyhWkdvVj3Xlv+5VdG78q9fG74Kr4jrWd0HmfWAicEqqlrJ0tzM615CXJdHLq2i\/icncRzXkfKIHoIE7akepvW2uFW47l3zunDfCPS2CPdfu4SgfwscjhTdvMd0yEZgiOOpbXgOiFet4ZTlfmbFFc1UeXXFtn8JSmdDTZps738TSMj+kk9x8MshGWKOVu0ue6LonWUyQNu1K9\/sN\/LUbwtwiJhRTd4lbHV3YBTVFelyuUAiHAYYrO1BQq\/1qgPHYrAC9\/XR1LO2ONRYU\/Y5+xV2iMD3hHSQ30e3g5G4lPgWiJR\/5BxivIHZmOM3jV1\/ejjWfzi6Q+rJSgLP1NhRuCOEWEb8Rva9JGpl5hBrk9oX7wzBiu7yI4Hc4KR6E6bjwM0G+KtwCI+dvZO488RHnGsWkcv5evakZJvQrVRCJM0\/gTwn"}
-01963{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292122118409,"flow_dst_last_pkt_time":1605292122118430,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":16768,"midstream":1,"thread_ts_usec":1605292122118430,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1259061.5,"max":19513573,"stddev":4788586.0,"var":22930555666432.0,"ent":1.0,"data": [19473275,346,19513573,0,40000,58,0,14,3,47,46,590,601,1080,1,1,0,1,0,0,1081,15,50,4,2,3,4,112,1,0,1]},"pktlen": {"min":72,"avg":600.1,"max":1120,"stddev":520.1,"var":270533.2,"ent":4.4,"data": [72,158,118,72,1120,72,1120,1120,72,72,1120,72,1120,72,1120,1120,1120,1120,1120,1120,1120,72,72,72,72,72,72,72,1120,1120,1120,1120]},"bins": {"c_to_s": [13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1],"entropies": [5.300073624,6.172540188,5.808043480,5.111409664,7.793330193,5.244518280,7.816789150,7.806469440,5.188962936,5.244518280,7.817547321,5.216740131,7.782293320,5.272295952,7.814203739,7.825418949,7.833592415,7.796096325,7.794456482,7.800365925,7.831590176,5.300073624,5.244518280,5.272295952,5.300073624,5.216740608,5.244518280,5.272295475,7.782464504,7.824431896,7.817936897,7.808838844]}}
-00944{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292122118409,"flow_dst_last_pkt_time":1605292122118430,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":16768,"midstream":1,"thread_ts_usec":1605292122118430,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24118,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122163288,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbp+IuQs5oBJXgJ7NAAACBAV4AQMDAwQCCArC3d\/9EsEnyA=="}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24126,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122163315,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122163315,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBAB+yKbAAABAQgKEsEoDMLd3\/0="}
-01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292122163584,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBgB+67mAAABAQgKEsEoDMLd3\/0WAwECAAEAAfwDA7bS9qVsy5B4YR21YJQRtEh5Py7oz+4S+4EMfJZtbGRGIFTZBy5p0gziG2ybvndeac3\/kMpuKpBLUHIf7VQxlGl9ACDq6hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAGAAWAAATYWpheC5nb29nbGVhcGlzLmNvbQAXAAD\/AQABAAAKAAoACPr6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp+voAAQAAHQAg8WEmWZ9OWDe9\/XkTSDe85PaENProAIW9qnEE9QmUWSAALQACAQEAKwALCurqAwQDAwMCAwEAGwADAgACWloAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122163584,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24197,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122165400,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122165400,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5JAHmpvgBALMAhqAAABAQgKwt3gBdhbOjs="}
-01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24239,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122177975,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122177975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24422,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122207366,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122207366,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbqCIuQ0+gBALMBcPAAABAQgKwt3gTxLBKAw="}
-01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122212637,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122212637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02169{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":24477,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122274057,"flow_dst_last_pkt_time":1605292122274042,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":982,"flow_dst_tot_l4_payload_len":8808,"midstream":0,"thread_ts_usec":1605292122274057,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11497.2,"max":67472,"stddev":19899.9,"var":396007328.0,"ent":3.2,"data": [67445,67472,269,44078,5271,1,49097,3,94,53,18571,10150,718,42370,0,12940,229,14297,2020,1,16083,2556,1,2570,25,64,1,0,22,4,8]},"pktlen": {"min":72,"avg":378.4,"max":1280,"stddev":464.3,"var":215557.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,572,72,136,164,350,72,652,72,103,72,103,72,72,521,1280,72,72,1280,1280,1280,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,0],"entropies": [4.880388737,5.286173344,5.204868793,4.536604404,5.107836723,7.787920475,7.830109596,5.260424137,5.232646465,7.542898178,5.232646465,6.192057133,6.535644054,7.298229218,5.014019012,7.680838585,5.232646465,5.914041996,5.041796684,5.815946102,5.052281380,5.166606426,7.546278477,7.846930027,5.117859364,5.138828754,7.830280781,7.832926273,7.840851784,5.194384098,5.099461079,5.156121731]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-02169{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":24501,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122281616,"flow_dst_last_pkt_time":1605292122282509,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":9011,"midstream":0,"thread_ts_usec":1605292122282509,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":14038.7,"max":83018,"stddev":20606.9,"var":424642560.0,"ent":3.6,"data": [30258,30298,226,70679,12575,2,1,83018,62,4,882,32413,0,31475,5911,16277,137,34580,1914,14156,7168,10659,16853,1,0,1,34679,24,2,2,942]},"pktlen": {"min":72,"avg":384.2,"max":1280,"stddev":474.8,"var":225406.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,311,72,72,72,136,72,652,72,164,103,330,72,103,72,72,72,985,1280,1280,1280,72,72,72,72,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1],"entropies": [4.836515903,5.311173439,5.222161770,4.516429901,5.097352028,7.813626766,7.833569527,7.238987446,5.249939442,5.211677551,5.222161770,6.183825970,5.163392067,7.648269653,5.182794571,6.507936478,5.802297115,7.243775845,5.097352028,5.700409889,5.249939919,5.097352028,5.163392067,7.756225586,7.832665920,7.840676308,7.826161861,5.222161770,5.222161770,5.166606426,5.183899403,7.820078373]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24626,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122439986,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":3285032704,"pkt_caplen":203,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":203,"pkt_l4_len":149,"thread_ts_usec":1605292122439986,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRAJUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v3+ZlfzugBgB9aL3AAABAQgKG7m5ccLd3lMXAwMAcFVxaXihuhejZCNpZ5nuv6bEN9Yj5XMBxAt2QHwyRgmT6ybDwC5C73DyglYgxmIhMzt282zpUtE5GphT7ONBXskP6qssi1eNQHysgmBFeTvR+6kSeL0yhYhtFPIEYfWd8KPo3wOHIQIgFNXMNqMrZ9Q="}
-00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24626,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292122439986,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":117,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122439986,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24627,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122440221,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":3285032704,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_usec":1605292122440221,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRAEcGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v\/SZlfzugBgB9Z8fAAABAQgKG7m5csLd3lMXAwMAInk1I4nIPSajLKiA35EuKIlPm\/oqqHEG+SP9VTSkSQmA2P0="}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24635,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122440221,"flow_dst_last_pkt_time":1605292122468567,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122468567,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgXAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvZCJmV\/O79d7\/0gBALpNeNAAABAQgKwt3hVRu5uXE="}
-00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122501104,"flow_dst_last_pkt_time":1605292104716333,"flow_idle_time":3285032704,"pkt_caplen":149,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":149,"pkt_l4_len":95,"thread_ts_usec":1605292122501104,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAF8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoadXXNVgBgB9QaPAAABAQgKTYUvYcLdm\/0XAwMAOgAAAAAAAAAIvZM7k4G8cjK7Q9\/YrVI4eMbPvi74lWEwjtUtgcQJsZEKgX5x1KPe5+ARIWOSp6YRK8o="}
-00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605292104650967,"flow_src_last_pkt_time":1605292122501104,"flow_dst_last_pkt_time":1605292104716333,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122501104,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24658,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122501492,"flow_dst_last_pkt_time":1605292104716333,"flow_idle_time":3285032704,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_usec":1605292122501492,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAE4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQsWdXXNVgBgB9YnNAAABAQgKTYUvYsLdm\/0XAwMAKQAAAAAAAAAJhfarTPFG\/0Gx5mBHg+oWjrQOzezO5YGM3qlkDtuEBJnw"}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122501492,"flow_dst_last_pkt_time":1605292122537161,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122537161,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dc1X\/jELFgBAMUD3EAAABAQgKwt3hmU2FL2E="}
-00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122674024,"flow_dst_last_pkt_time":1605292122674024,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122674024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122674024,"flow_dst_last_pkt_time":1605292122674024,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122674024,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9u8AAAAAoAL9IJXTAAACBAWgBAIIChNnJ60AAAAAAQMDBw=="}
-00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24691,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122674024,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122697976,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGM8FfbwoBJXgNHxAAACBAV4AQMDAwQCCArC3eI6E2cnrQ=="}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24692,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122698027,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122698027,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBAB+1XrAAABAQgKE2cnxcLd4jo="}
-01375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24693,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":3285032704,"pkt_caplen":706,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":706,"pkt_l4_len":652,"thread_ts_usec":1605292122698360,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1AowGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBgB+5tKAAABAQgKE2cnxsLd4joWAwECZwEAAmMDAxcqM3SukIiua6aXUWl305akyrAbsQ8fC5QrHYGn8yAqIOfUpAFM2ex8Yzi\/Sen\/tnD95LkMo2l4V+QtyZhS\/smCACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAfqKigAAAAAAHQAbAAAYc2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACDK7MvCss9kPuP\/sGQIpNIgaBZPSr9Qiypf8B3tmZxOcgAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAKamgABAAApASsA9gDwAAAiIJslU1lFpjTpi3lmNcM02Z66mKz\/ebRIkuOX18rpowH2yWfRzdOZHXike\/2DtKx+3unPfKAy7bV8y4oY0zmw0E1pgUb7btO6Vjk+uxl7qJDciqRgqzQMVKk21FI05k9Tj8+QijWSqapfQXpJZo9ZGd54w+gB1V2q8Nw7dtF2+eFiyJH2mXerNpN0ZE6fUqgXQsD4DbRpYQjZTIcPcs\/we2ogtL0JfR+e875ICH323jad+VODdi9WWJ93O+ld3DiE0YkFyo7kp5dxhnBMUode0ut+uFiEfQ9mADB5yJ2cgEQe3BR1tRHNJhSdnJ6lY4sULQAxMNVjiEV0UOkpjkSg09LdgE2p3Pne63LSoF7PSJBmSVGBkf3yxkp3tDTf\/lSBUFM44A=="}
-01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24693,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122698360,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122698834,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122698834,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122698834,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122698834,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122698834,"pkt":"qtsDr8lk5EKm5WPyht1gCuvGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoVprIBu3ASIMYXhL6qgBAB9S93AAABAQgKNSTnjcLdLMU="}
-00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24705,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122740353,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122740353,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGQ8FflcgBALPUoSAAABAQgKwt3iZBNnJ8Y="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24706,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122741055,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122741055,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhUqAcsBIEmLB5kd7IUo3\/YpAbumsheEvqpwEiDHgBALdyXtAAABAQgKwt3iZjUkMfM="}
-01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24707,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122755298,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":270,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":270,"midstream":0,"thread_ts_usec":1605292122755298,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
-02214{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":24724,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292122813676,"flow_dst_last_pkt_time":1605292122725006,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":764,"flow_dst_max_l4_payload_len":1279,"flow_src_tot_l4_payload_len":4217,"flow_dst_tot_l4_payload_len":4676,"midstream":0,"thread_ts_usec":1605292122813676,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":98,"avg":1119414.5,"max":16588707,"stddev":4059258.8,"var":16477581213696.0,"ent":1.4,"data": [29466,29487,204,37942,9029,46759,696,98,30996,1834,7035,39073,52635,52694,371915,406395,20731,55185,2451,32929,9268,39721,16556740,16588707,11402,43353,16903,58413,9807,93158,46822]},"pktlen": {"min":72,"avg":350.4,"max":1351,"stddev":367.9,"var":135349.6,"ent":4.3,"data": [80,80,72,692,72,342,72,152,489,72,72,359,72,1259,72,824,72,855,72,836,72,342,72,500,72,1351,72,644,72,672,72,656]},"bins": {"c_to_s": [9,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,1,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [4.797575951,5.229953289,5.190349579,7.030211926,4.972520828,6.811050892,5.091930866,6.334684849,7.516590118,5.055853844,5.055853844,7.313119888,5.190349579,7.806543827,5.218127251,7.745193005,5.000298500,7.694315910,5.134794235,7.706961155,5.028076172,7.266840458,5.190349579,7.564545631,4.972520828,7.854704857,5.162571907,7.655811310,5.000298500,7.622268677,5.134794235,7.624323368]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement"}}
-00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122874816,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122874816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122874816,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122874816,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122874816,"pkt":"qtsDr8lk5EKm5WPyht1gDJQ7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnP4Bu4CgSN\/gvLosgBAB9qrlAAABAQgK1OQQnsLdMvM="}
-00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122899206,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122899206,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuc\/uC8uiyAoEjggBALQrp6AAABAQgKwt3jAtThR68="}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118714869,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118786493,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118714869,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118786493,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654893,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120853914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654893,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120853914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1605292103804319,"flow_src_last_pkt_time":1605292104013801,"flow_dst_last_pkt_time":1605292104013772,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":400,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":446,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":38,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292122470330,"flow_dst_last_pkt_time":1605292122470323,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":34972,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292114506948,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114736576,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292114506948,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114736576,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108746999,"flow_src_last_pkt_time":1605292108746999,"flow_dst_last_pkt_time":1605292108796001,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108746999,"flow_src_last_pkt_time":1605292108746999,"flow_dst_last_pkt_time":1605292108796001,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108747015,"flow_src_last_pkt_time":1605292108747015,"flow_dst_last_pkt_time":1605292108805587,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108747015,"flow_src_last_pkt_time":1605292108747015,"flow_dst_last_pkt_time":1605292108805587,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108746966,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108789015,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108746966,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108789015,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292102219041,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102653473,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292102219041,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102653473,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108747008,"flow_src_last_pkt_time":1605292108747008,"flow_dst_last_pkt_time":1605292108796448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108747008,"flow_src_last_pkt_time":1605292108747008,"flow_dst_last_pkt_time":1605292108796448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105972592,"flow_dst_last_pkt_time":1605292106000954,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1166,"flow_dst_tot_l4_payload_len":6085,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","proto_id":"91.70","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292122484196,"flow_dst_last_pkt_time":1605292122517767,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":117,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":212,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292102603001,"flow_src_last_pkt_time":1605292102603001,"flow_dst_last_pkt_time":1605292102678719,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292102603001,"flow_src_last_pkt_time":1605292102603001,"flow_dst_last_pkt_time":1605292102678719,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554924,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554924,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554906,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554906,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554865,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116783930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554865,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116783930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554946,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554946,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":69,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122413893,"flow_dst_last_pkt_time":1605292122440928,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6040,"flow_src_tot_l4_payload_len":1195,"flow_dst_tot_l4_payload_len":75024,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605292104650967,"flow_src_last_pkt_time":1605292122733019,"flow_dst_last_pkt_time":1605292122732998,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":333,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292119370851,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119458269,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292119370851,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119458269,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":4211,"flow_dst_packets_processed":16806,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292122890792,"flow_dst_last_pkt_time":1605292122889284,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":2772,"flow_src_tot_l4_payload_len":18663,"flow_dst_tot_l4_payload_len":20026479,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554935,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554935,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":761,"flow_dst_packets_processed":910,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292115212651,"flow_dst_last_pkt_time":1605292115212495,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2426,"flow_src_tot_l4_payload_len":1488,"flow_dst_tot_l4_payload_len":1034254,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122698834,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122741055,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122698834,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122741055,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554888,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554888,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654870,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120839721,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654870,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120839721,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118602881,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118777753,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118602881,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118777753,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":385,"flow_dst_packets_processed":477,"flow_first_seen":1605292103810303,"flow_src_last_pkt_time":1605292122755323,"flow_dst_last_pkt_time":1605292122755299,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":2294,"flow_src_tot_l4_payload_len":44889,"flow_dst_tot_l4_payload_len":477944,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1605292103804485,"flow_src_last_pkt_time":1605292104007252,"flow_dst_last_pkt_time":1605292104007225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":644,"flow_dst_max_l4_payload_len":527,"flow_src_tot_l4_payload_len":722,"flow_dst_tot_l4_payload_len":566,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":29,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105351681,"flow_dst_last_pkt_time":1605292105378152,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1550,"flow_dst_tot_l4_payload_len":18160,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105347857,"flow_dst_last_pkt_time":1605292105347849,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554881,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554881,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554955,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554955,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292122864867,"flow_dst_last_pkt_time":1605292122864791,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":764,"flow_dst_max_l4_payload_len":1279,"flow_src_tot_l4_payload_len":4217,"flow_dst_tot_l4_payload_len":4946,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement"}}
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122861140,"flow_dst_last_pkt_time":1605292122861115,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":600,"flow_src_tot_l4_payload_len":1856,"flow_dst_tot_l4_payload_len":1427,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554985,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116783932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554985,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116783932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554976,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116783951,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554976,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116783951,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554965,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554965,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122874816,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122899206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122874816,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122899206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":33,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292122503493,"flow_dst_last_pkt_time":1605292122503481,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1423,"flow_dst_tot_l4_payload_len":22629,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":125,"flow_dst_packets_processed":164,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292122449520,"flow_dst_last_pkt_time":1605292122449418,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":251,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1628,"flow_dst_tot_l4_payload_len":185560,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":157,"flow_dst_packets_processed":169,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292122739889,"flow_dst_last_pkt_time":1605292122739878,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":807,"flow_dst_tot_l4_payload_len":184998,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554874,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554874,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1605292105726518,"flow_src_last_pkt_time":1605292122804785,"flow_dst_last_pkt_time":1605292122804743,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":767,"flow_dst_tot_l4_payload_len":604,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":37,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122306980,"flow_dst_last_pkt_time":1605292122344801,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3141,"flow_src_tot_l4_payload_len":1021,"flow_dst_tot_l4_payload_len":38525,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554831,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116783801,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554831,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116783801,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","packets-captured":24745,"packets-processed":24745,"total-skipped-flows":0,"total-l4-payload-len":22196494,"total-not-detected-flows":0,"total-guessed-flows":28,"total-detected-flows":19,"total-detection-updates":15,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":321,"global_ts_usec":1605292122899206}
+00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292105170049,"flow_dst_last_pkt_time":1605292105170049,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105170049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105170049,"flow_dst_last_pkt_time":1605292105170049,"flow_idle_time":3285032704,"pkt_caplen":246,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":246,"pkt_l4_len":192,"thread_ts_usec":1605292105170049,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHAMAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/HZTRuvUgBgSELhfAAABAQgKdG+lysLdLW8XAwMAm7+VUv5v3n1cEKhvA7Obmk7hW69laavu9OZNOdP5v2aiE9LYEKQeHffn7vm6VstuW5LB+GPd1bdCCYxPrQ8cpXXvSrRBde7Ubgvulsw\/eGF6vJKgoYXL5h04lY18ojPm\/cV9tUPretg64t\/hG52\/jXKkQ9+5e1GR1KuJgn1MWQ\/97vN82J\/Jt388ivkqQMfP0T\/jvMqs33Elwytq"}
+00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292105170049,"flow_dst_last_pkt_time":1605292105170049,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105170049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105170518,"flow_dst_last_pkt_time":1605292105170049,"flow_idle_time":3285032704,"pkt_caplen":237,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":237,"pkt_l4_len":183,"thread_ts_usec":1605292105170518,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHALcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/RZTRuvUgBgSEKKhAAABAQgKdG+ly8LdLW8XAwMAazorJ+v8Qql\/1vWfAai2gkZCI3DTL5oADrcU2MSE9kWZdYS8Jqpk4fHfL5KS3jLCf57oTjL53SDsaGk+gIvtoan6S0MuUK39MyCSYP90lEM7cfvMMDv9MYZwBU7ADMu7jSPLRoIxvW6l0Cl8FwMDACLudklu9KmRe2M4B\/MpTRVuBpiUQvjz3VbQML7h4xLHHM4W"}
+00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292105171046,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105171046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105171046,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1605292105171046,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAJAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxfpsKg54gBgd\/fuUAAABAQgKdG+ly8LdWR0XAwMAa1HIP\/vnAAogIw4J2B2TkEHONIFMeD5XyAVKi4Q2Vue2Mstte\/aj9aBEGnaC\/XLTSleNDPxB5FKFlYuKlZTTvSjcjRkZVdPHhikw9Xf3PTuX4sNc4A4aMrxDB+2xDdlSgUdvbOv4DPatYzp8"}
+00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292105171046,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105171046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105171411,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_usec":1605292105171411,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxmpsKg54gBgd\/YTsAAABAQgKdG+lzMLdWR0XAwMAIlHp65gwK7PBPS\/ZXxVrtwWRv5u\/D1Oka\/7+0BiFD1N3mso="}
+00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105176233,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_usec":1605292105176233,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAI8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxpFsKg54gBgd\/f4EAAABAQgKdG+l0cLdWR0XAwMAau+1WhRe96DKEz4O2DiVS\/91xsnWseh+6lrx3LgaqNmDXwRm1lqF7AcLtXkaV8D99qMpoGwTJnk5i4\/A5jdKnihSC+92twzKrr9YRFj27xUmeqz0tGED25O9+HkuuOkV2W5IN6Z8o+lbpTM="}
+00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105176588,"flow_dst_last_pkt_time":1605292105171046,"flow_idle_time":3285032704,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1605292105176588,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAIQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxwBsKg54gBgd\/ayxAAABAQgKdG+l0cLdWR0XAwMAX\/Yd2tE30yITdLVScy1FaO070XnDZMR6GJiZVqwat++QvYX+J9OjAkXIuTA6eA+46mRMhtiJSnHUHMZJ232U\/skK8H88Oqka3BXGyUundCVpL+UIL2bs9pZSC7nGsqsQ"}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105170518,"flow_dst_last_pkt_time":1605292105195930,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105195930,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av0WgBAMvoDtAAABAQgKwt2d3XRvpco="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105170518,"flow_dst_last_pkt_time":1605292105197034,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105197034,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av2tgBAM0YBAAAABAQgKwt2d33Rvpcs="}
+00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105197307,"flow_dst_last_pkt_time":1605292105197307,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105197307,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105197307,"flow_dst_last_pkt_time":1605292105197307,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105197307,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OYAAAAAoAL9IHL6AAACBAWgBAIIClFT82IAAAAAAQMDBw=="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105176588,"flow_dst_last_pkt_time":1605292105198295,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105198295,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupqmwqDngMp8ZqgBAMGKRpAAABAQgKwt2d4HRvpcs="}
+01647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105170518,"flow_dst_last_pkt_time":1605292105207637,"flow_idle_time":3285032704,"pkt_caplen":905,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":905,"pkt_l4_len":851,"thread_ts_usec":1605292105207637,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAA1MGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av2tgBgM0YCjAAABAQgKwt2d6XRvpcsXAwMDLk55JOtZHA9hFHC78RI\/6e4ADB70IziFTQtGRHuZOB0Det1Gfpuft9GB7WaB\/JvqxR3SpKpzI6IovCQJLnjW6Oy\/OVDRXZI+e1rsJ8xfCThAbrJKx8Z15+Ia9oQzbu9EMZ0aYGCodHGAKw6pER63UCuT\/HYtD1XN\/5P\/Qzud7VlDejV3giiLk7W99OwzQblzqqj7ozuOqrD2SxgCZBf7HcZDudBGUcgAGwhEd9WMZdEgXbQ\/VW2KsZkhuY\/mVWcws+Vytyn8SAmTihZ+ff\/lJPo6oXZwRGaEh6o+KhaA3xJd2B6jIEjEPK5Rim+Un69wF1z9NGTGA5jCD+4W0q0Dzc5CapBVF2AAJvA\/g\/6zeakoP08VCHX8ZeoWP0WDfENHfUZJSZAgtNWgUeaCFnFsTt6Z5PwGrmG0wqzGna3kLJ9lWJVSL2U3hBlttYbkdGT+ykdlFT\/CBlGUrtBs3BhUCyEWZyHMaaygWYAd7o3x36cLHt96siT1UpRFrfmRA8lD1S\/1zOiS7bUnUdxA4PU9scKdOoSnQL6h+jvK9CIf9Xx0Orm9zi\/fIq5wk4lP511YgHEzPejRKOAGSFyOndq1A5UTYe6vTNcm1JhsK7\/Btozh9BD9mJ1cVKKsk3D8KDHlVMMmOU2glzIf45AQbPPCS+l8SPAxNZGaU0heIJpra09J0uwa4u0oEFQ3WnBIXvvy2XQPuUoJx4I8lS997QBWkiifSKFrcJo1AnvmpbiRyE8TVySJhw56uxcbzPvN42iHQsKs1bvcDLeXlq4E4RlE4Gbqn8dCnpuBq8l5jE9iwG+\/4tYa6OBDish6+E3pPO1UKOz+HMsqo8OvufrMBdU\/RWZ335P92R9wvAR15HHWR34tjc4dgay6sUSJQJTVeFYBlaE7b\/Y75KIip1JHxsz0ODtpgK7u0USYP5Qk6mbnn4IILzx6IlD0ZO5GajcbIJ5pfiVppgZlspWoK9C9ZYd3rhaJWhB5BXISeiOsbvqvND0c2W971Ppgw71jmnnCf3SgD3E\/AF+tZcYKSIroiukrXXZhmWqE+HUuGWvjHhdrO+gjdKPk5y9RuYA5SqcU0dw="}
+01953{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":101,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292105221617,"flow_dst_last_pkt_time":1605292105221612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":311,"flow_dst_tot_l4_payload_len":12058,"midstream":1,"thread_ts_usec":1605292105221617,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":3326.8,"max":37135,"stddev":8084.0,"var":65351828.0,"ent":2.7,"data": [469,25881,1104,10603,37135,1897,1,1911,13,717,678,9927,9935,107,1,101,8,237,229,116,116,308,309,92,91,472,1,479,15,99,79]},"pktlen": {"min":72,"avg":458.5,"max":1472,"stddev":599.1,"var":358951.0,"ent":3.9,"data": [232,223,72,72,891,72,111,1460,72,72,84,72,1472,72,1472,1460,72,72,84,72,1472,72,1472,72,1460,72,84,1460,72,72,84,72]},"bins": {"c_to_s": [14,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,0,1,1,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0],"entropies": [6.975117207,6.780508041,5.008678436,4.980900764,7.727560043,5.257209778,5.876837730,7.865436077,5.284987926,5.284987926,5.396960735,5.284987926,7.861420155,5.257210255,7.855777740,7.835244179,5.201654911,5.257210255,5.387974262,5.257210255,7.869387627,5.229432106,7.851236820,5.229432583,7.862463474,5.201654911,5.316545486,7.846337318,5.257210255,5.284987926,5.396960735,5.284987926]}}
+00943{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":101,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292105221617,"flow_dst_last_pkt_time":1605292105221612,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":311,"flow_dst_tot_l4_payload_len":12058,"midstream":1,"thread_ts_usec":1605292105221617,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105197307,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105230486,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl2n7vTnoBJXgHalAAACBAV4AQMDAwQCCArC3Z3zUVPzYg=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105230554,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105230554,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBAB+\/qVAAABAQgKUVPzg8LdnfM="}
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292105231042,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaAiUGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBgB++4yAAABAQgKUVPzg8LdnfMWAwECAAEAAfwDAwsTuD27e9O7zSR9QGg\/BjcA3VInM4oSJon9YBOCv5++IFdStpb+CkXQy2c2uOI7+AVrIzBfj1oZ8gAG3CYIQoMEACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUY29uc2VudC5jbXAub2F0aC5jb20AFwAA\/wEAAQAACgAKAAja2gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKdraAAEAAB0AIDYvcGjd9fK5d+Sh8kpRELYm8anOzkwuInZrhF5dnrEgAC0AAgEBACsACwp6egMEAwMDAgMBABsAAwIAAjo6AAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105231042,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01962{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":131,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292105231565,"flow_dst_last_pkt_time":1605292105231522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":16800,"midstream":1,"thread_ts_usec":1605292105231565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":3903.1,"max":45055,"stddev":9416.3,"var":88667112.0,"ent":2.8,"data": [365,4822,355,27249,2992,337,2701,17288,45055,519,518,603,1,579,9,7282,1,7292,34,289,2,248,25,174,1,157,27,1036,1,1005,28]},"pktlen": {"min":72,"avg":608.3,"max":1472,"stddev":669.7,"var":448506.0,"ent":4.1,"data": [184,111,183,172,72,72,72,72,1472,72,1472,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72]},"bins": {"c_to_s": [12,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0]},"directions": [0,0,0,0,1,1,1,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [6.587406158,5.914531231,6.603403568,6.519369125,4.980900764,4.980900764,4.894209862,4.980900764,7.851428509,5.118321419,7.864492416,5.118321419,7.853987694,7.848294735,5.062766075,5.080059052,7.860019684,7.828007221,5.118321419,5.118321419,7.856985092,7.866126060,5.118321419,5.080059052,7.856244087,7.840456009,5.146099091,5.080059052,7.871989727,7.857123375,5.118321419,5.118321419]}}
+00943{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292105231565,"flow_dst_last_pkt_time":1605292105231522,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":16800,"midstream":1,"thread_ts_usec":1605292105231565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105274861,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105274861,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105274861,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105274861,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZYAAAAAoAL9IG8jAAACBAWgBAIIClFT868AAAAAAQMDBw=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105278180,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105278180,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl6n7vbsgBALMO8iAAABAQgKwt2eLFFT84M="}
+01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105278180,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105278180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105299371,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvZrixr2XoBJXgG87AAACBAV4AQMDAwQCCArC3Z5DUVPzrw=="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105299399,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105299399,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBAB+\/MzAAABAQgKUVPzyMLdnkM="}
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105299606,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292105299606,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5AiUGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBgB+x+BAAABAQgKUVPzyMLdnkMWAwECAAEAAfwDAy8GqoFoWkNyI7mYtVTa5cXzmnUMn\/AW4e4uQZtHexViIHBqihZlPQxi4\/Swmz8DIl9f5mkTuI3AenD0Ehe9UmbOACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGQAXAAAUY29uc2VudC5jbXAub2F0aC5jb20AFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIBw5Ol89JTdAu7B94JP0srEvQLd+Q79aN+DwFdZiG4R\/AC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAhoaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105299606,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105299606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105322435,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105322435,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGv5yG572bgBEB+\/EWAAABAQgKUVPz38LdnkM="}
+01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105322435,"flow_dst_last_pkt_time":1605292105340527,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105340527,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02153{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":384,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105347875,"flow_dst_last_pkt_time":1605292105347850,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1519,"flow_dst_tot_l4_payload_len":5784,"midstream":0,"thread_ts_usec":1605292105347875,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9713.3,"max":47694,"stddev":16101.6,"var":259260704.0,"ent":3.2,"data": [33179,33247,488,47694,0,47160,1225,37725,2106,0,0,38598,23,3,754,718,796,796,2589,248,171,60,26260,592,1,74,1362,0,0,25234,8]},"pktlen": {"min":72,"avg":300.7,"max":1280,"stddev":381.9,"var":145812.8,"ent":4.1,"data": [80,80,72,589,72,171,72,595,72,1280,1280,1280,72,72,72,544,72,1055,72,146,164,329,128,72,72,72,72,327,327,168,72,72]},"bins": {"c_to_s": [10,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,2,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0],"entropies": [5.295193195,5.637294769,5.563652992,4.598795891,5.459350586,6.223492146,5.497612953,5.044443607,5.487128258,7.814322472,7.863967419,7.842244625,5.591430664,5.503256798,5.563652992,7.612953186,5.591430664,7.763548851,5.563652992,6.558448792,6.685117722,7.291459560,6.278277397,5.487128258,5.487128258,5.431572914,5.487128258,7.317289352,7.268368721,6.510692596,5.591430664,5.563652992]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105418417,"flow_dst_last_pkt_time":1605292105418417,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105418417,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105418417,"flow_dst_last_pkt_time":1605292105418417,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105418417,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3sAAAAAoAL9IOHqAAACBAWgBAIIChNm5EYAAAAAAQMDBw=="}
+00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":404,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105433892,"flow_dst_last_pkt_time":1605292105433892,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105433892,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105433892,"flow_dst_last_pkt_time":1605292105433892,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105433892,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACgGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5MAAAAAoAL9IMKvAAACBAWgBAIICr4D0hAAAAAAAQMDBw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105418417,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105447883,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou0O5ht8oBJXgIDEAAACBAV4AQMDAwQCCArC3Z7YE2bkRg=="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105447904,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105447904,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBAB+wS5AAABAQgKE2bkY8Ldntg="}
+01371{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":3285032704,"pkt_caplen":706,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":706,"pkt_l4_len":652,"thread_ts_usec":1605292105448108,"pkt":"qtsDr8lk5EKm5WPyht1gDBurAowGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBgB+4JWAAABAQgKE2bkZMLdntgWAwECZwEAAmMDA01hkKus+MkqaNZ11u\/JhpX8opi+Paz\/2culjqS\/fRVYIMdAvSOkLp4IegED4alflZbkeoPKAFn+1vm3NO5kGg0FACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAfqamgAAAAAAHQAbAAAYc2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACAZgcv6djgDbSXoFxR2Bhsr1SLhgniKBtXtlIDDETXMCAAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAAIKCgABAAApASsA9gDwAAAiIJslU1lFpjTpi3lmNam9hQpY2hMMKuXsZwFntxH9VeeCDjG5ZumnFfjZUDtOBPLSzw4R57\/QCBI18BwcPm48mrUGyW53Ub1R1QzZAjB7iAKV4vFIwFfFqvyyzCt+XQCHUSkW6UYjU9HW8UHVOSLv+gTEZIbkGDOYtPsq7YccVngTZL3n3IHqwmTgcbP5ueNH8XOZq7\/Y1OeX7Wx9xVtrBDjNMgQxbOzaBnVFB93EKDMM4PQzj6qYiuKetEAoBMozzmixqRKxA5zUbOA5h0RPxge6RCPaz+BuJE3Cm\/zM5MOERtu8U1IsclnN2s3hdk+igAAxMH67OIYeJEbtrgELqGnjRFz2Dy5CExYP6mmzTrMo8NEajMnamg6uhqcAqBJ0WIxFJA=="}
+01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105447883,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105448108,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105433892,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105459292,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a1gJBeUoBJXgDGmAAACBAV4AQMDAwQCCArC3Z7jvgPSEA=="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105459314,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105459314,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACAGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBAB+7WdAAABAQgKvgPSKsLdnuM="}
+01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292105459543,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCAiUGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBgB+\/IDAAABAQgKvgPSKsLdnuMWAwECAAEAAfwDA0SwrBQ+d5serlsxTSylSCJ2cOl7xaFhVNFnNENmyXzLII1+rGz9ESjQv1hbMrYHKnzgyMTJu0Ir\/kwfyDkc\/1pDACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGgAYAAAVY29va2lleC5uZ2QueWFob28uY29tABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACA9g892NhkW61BobOu+QMSd1m\/f0wlw8Wps+OIILfVOLAAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAALq6gABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105459292,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105459543,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","proto_id":"91.70","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cookiex.ngd.yahoo.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105485825,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105485825,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou4O5h3ogBALPfjjAAABAQgKwt2e\/hNm5GQ="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105492745,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105492745,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a5gJBmZgBALMKpAAAABAQgKwt2fBr4D0io="}
+01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":413,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105448108,"flow_dst_last_pkt_time":1605292105494854,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":270,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":270,"midstream":0,"thread_ts_usec":1605292105494854,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105669051,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105669051,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105669051,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"thread_ts_usec":1605292105669051,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAJgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOk4W2C\/9gBhA0URlAAABAQgKBcmbq8LdLRcXAwMAcysuUqnNdP5CtlTC2pWvfZyUMV8UFocs8M6W09NnsspPibPhqobMFIm1f0B4kk13U59rzTyXjGQM3JpbSJkQg4GGmBSNMo7KgMloXnt3GygjcT75OOC0YPo3\/MFdKUwkpDu47ubalsF7IwgRDAn\/l0DFoLo="}
+00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105669051,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105669051,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105669426,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_usec":1605292105669426,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOsYW2C\/9gBhA0ehRAAABAQgKBcmbrMLdLRcXAwMAIgQb59HIMHYAgoaCAJqbMMjq72ntBt\/\/eGErLyXH34Iczsk="}
+00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105669518,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"pkt_caplen":215,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":215,"pkt_l4_len":161,"thread_ts_usec":1605292105669518,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAKEGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOu0W2C\/9gBhA0aEtAAABAQgKBcmbrMLdLRcXAwMAfBkhBkIFqMuMKjD1\/xjqGp2hEKMP3ziLomYjJXbyDDBzMNKC8MmFqfqAj9+xvxfAO7rBldu4UpazYVXmg399TnFcypI7qckvMpQyy6kehQ5F75J5BlTYjgokme9I6h8+9mS8Y6D2WQEp5qh0Ix9\/vReZo1xT0xocl8k7wFQ="}
+00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105669903,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"pkt_caplen":216,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":216,"pkt_l4_len":162,"thread_ts_usec":1605292105669903,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAKIGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKO24W2C\/9gBhA0ZDEAAABAQgKBcmbrMLdLRcXAwMAfZb\/Q0UxJt3wR3GrF9wc05LB8qT7ZkR+HCn\/iqj2sc401jsGKy+hB2hQCcm\/k7qaMetiTYenENk+ACLo1f2YKjGXVQetGP63wKEr42K8k6tUqE9pBZIE6wew5q00rKis7dRbFMMi3Xwnl\/etAScMk4PwcPmhI80uNbHMV+Kj"}
+00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105670139,"flow_dst_last_pkt_time":1605292105669051,"flow_idle_time":3285032704,"pkt_caplen":157,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":157,"pkt_l4_len":103,"thread_ts_usec":1605292105670139,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAGcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKO\/AW2C\/9gBhA0UbJAAABAQgKBcmbrcLdLRcXAwMAQrLK9m5yPUYZr\/Ss7uS7ctPQk7DORD1YOYAxKYpWRXgQ31nGrlNl9GZg3NHqc299aEIRfgvacsXASirCF1SyoYgbpg=="}
+01954{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105720296,"flow_dst_last_pkt_time":1605292105720289,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":525,"flow_dst_tot_l4_payload_len":11113,"midstream":1,"thread_ts_usec":1605292105720296,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":3305.9,"max":36646,"stddev":8575.8,"var":73544632.0,"ent":2.4,"data": [375,92,385,236,26419,36646,2159,0,376,0,10012,21697,203,197,169,221,0,406,8,175,469,1,0,620,51,101,150,197,535,21,562]},"pktlen": {"min":72,"avg":435.7,"max":1472,"stddev":586.0,"var":343353.7,"ent":3.9,"data": [192,111,201,202,143,108,72,72,72,72,72,1472,72,1472,72,1460,84,1472,72,72,1460,84,1327,103,72,72,111,1460,72,84,1460,72]},"bins": {"c_to_s": [8,2,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,0,0,0,0]},"directions": [0,0,0,0,0,0,1,1,1,1,1,1,0,1,0,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0],"entropies": [6.771437645,5.700867176,6.623061657,6.706957817,6.270517826,5.792555332,5.008678436,5.036456108,5.008678436,5.036456108,5.008678436,7.827867985,5.069574833,7.856517315,5.080059528,7.842531681,5.292736530,7.873940468,5.069574833,5.034988403,7.877679825,5.307831764,7.852031708,5.639400959,5.146099567,5.090544224,5.719091892,7.856316566,5.118321896,5.301723003,7.853841305,5.090544224]}}
+00944{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105720296,"flow_dst_last_pkt_time":1605292105720289,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":525,"flow_dst_tot_l4_payload_len":11113,"midstream":1,"thread_ts_usec":1605292105720296,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105726518,"flow_src_last_pkt_time":1605292105726518,"flow_dst_last_pkt_time":1605292105726518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105726518,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105726518,"flow_dst_last_pkt_time":1605292105726518,"flow_idle_time":3285032704,"pkt_caplen":213,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":213,"pkt_l4_len":159,"thread_ts_usec":1605292105726518,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAJ8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npntnZTJergBgB9damAAABAQgKLIniTsLdLfkXAwMAepLzP8oRHbXAD5D56fW\/ezxXNRxKdaqM6BwQpjw0zyORx06Rl8gHWinoWY19NxmIXl2owLgVHJ\/UEVkHmda\/PMinu6FgCqLeUi5RUsVJaGqL1ulKRH6Mi5nxYau2z9M9f+jUaBIVXH47AOoxy+jPs5YTh+8Es3OdfTIr"}
+00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105726518,"flow_src_last_pkt_time":1605292105726518,"flow_dst_last_pkt_time":1605292105726518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292105726518,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105726518,"flow_idle_time":3285032704,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_usec":1605292105726719,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npn1jZTJergBgB9c+fAAABAQgKLIniTsLdLfkXAwMAInb0OIEXDizCLxamWTiLwYinYzi396zhkwGnl1I5tNs4gXU="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105774640,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105774640,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9YgBALghHTAAABAQgKwt2gFiyJ4k4="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105774928,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105774928,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9\/gBALhxGlAAABAQgKwt2gGCyJ4k4="}
+01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105459543,"flow_dst_last_pkt_time":1605292105774928,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605292105774928,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","proto_id":"91.70","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"cookiex.ngd.yahoo.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105726719,"flow_dst_last_pkt_time":1605292105789000,"flow_idle_time":3285032704,"pkt_caplen":205,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":205,"pkt_l4_len":151,"thread_ts_usec":1605292105789000,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAJcGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9\/gBgLh4oBAAABAQgKwt2gIiyJ4k4XAwMAcvJ676RsxXZ5oBs6OGzQqykqUEr3Z5TFSkZKsLr3jmM2YiVsojp\/iKfkn4WsVwk6xE+3pYlY7baFutWk3YOJdUe42QIFmRoIaWPZHUxxJ72tc0a\/9w3XW4cb6EZieEibCx4fYcBpRjmfe8aHsBh0yypXqQ=="}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292108746966,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108746966,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292108746966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108746966,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108746966,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3wyDoZi2igBBBsd06AAABAQgKqXtZHsLc+wU="}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292108746999,"flow_src_last_pkt_time":1605292108746999,"flow_dst_last_pkt_time":1605292108746999,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292108746999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1605292108746999,"flow_dst_last_pkt_time":1605292108746999,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108746999,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwVJeVyjqfgBBI2yKLAAABAQgKqXtZHsLc+ww="}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292108747008,"flow_src_last_pkt_time":1605292108747008,"flow_dst_last_pkt_time":1605292108747008,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292108747008,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1605292108747008,"flow_dst_last_pkt_time":1605292108747008,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108747008,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3N5hBwa5pgBAB9TOKAAABAQgKqXtZHsLc+w0="}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292108747015,"flow_src_last_pkt_time":1605292108747015,"flow_dst_last_pkt_time":1605292108747015,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292108747015,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1605292108747015,"flow_dst_last_pkt_time":1605292108747015,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108747015,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOpKNiTUmPgBAFOCVEAAABAQgKqXtZHsLc+ww="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108789015,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108789015,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBuhmLaKJd8MhgBAN560UAAABAQgKwt2r5al1DDM="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1605292108746999,"flow_dst_last_pkt_time":1605292108796001,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108796001,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JXKOp\/xMFSYgBAPnfW6AAABAQgKwt2r7Kl1DlE="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1605292108747008,"flow_dst_last_pkt_time":1605292108796448,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108796448,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBrmkkNzeZgBALy8PxAAABAQgKwt2r7al1DgU="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1605292108747015,"flow_dst_last_pkt_time":1605292108805587,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108805587,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJNSY8GjqSkgBAMILKCAAABAQgKwt2r9ql1FBI="}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292108895208,"flow_dst_last_pkt_time":1605292108895208,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292108895208,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1605292108895208,"flow_dst_last_pkt_time":1605292108895208,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292108895208,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1IAAAAAoAL9IHkiAAACBAWgBAIICgXJqEYAAAAAAQMDBw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1605292108895208,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292108917845,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUV6pXdToBJXgDxxAAACBAV4AQMDAwQCCArC3axnBcmoRg=="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1605292108917920,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108917920,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBAB+8BsAAABAQgKBcmoXMLdrGc="}
+01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292108918360,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBgB+1S7AAABAQgKBcmoXcLdrGcWAwECAAEAAfwDAwjhV3OqKqFQfpcnWP89rtumm\/UccggvWkyi\/8FQZPWxIDvu3xcXjzuK8OGeiJCkn4luO5ref2KxaCnpVBkTuZCrACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAGAAWAAATNjQubWVkaWEudHVtYmxyLmNvbQAXAAD\/AQABAAAKAAoACFpaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAgZaSQBi71IH\/A5WZQ4IeqmtWtcLONPQZBNc11j5iQXXAALQACAQEAKwALChoaAwQDAwMCAwEAGwADAgACuroAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108917845,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292108918360,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"64.media.tumblr.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108948507,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292108948507,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUZ6pXlYgBALMLUWAAABAQgKwt2sggXJqF0="}
+01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292108918360,"flow_dst_last_pkt_time":1605292108973288,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1605292108973288,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"64.media.tumblr.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292114506948,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114506948,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292114506948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114506948,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292114506948,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iknWH70O\/fgBATex8tAAABAQgKqXtvnsLdEcs="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114736576,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292114736576,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvQ79+YpJ1igBBY1dkNAAABAQgKwt3C3al6v1A="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554831,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116554831,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554831,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116554831,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554831,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duJjvT55jAgBAB9d1JAAABAQgKVGZuDcLdE7E="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554865,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116554865,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554865,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116554865,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554865,"pkt":"qtsDr8lk5EKm5WPyht1gCRbVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADwVgBu1ozjhE9MAHmgBAB9RZAAAABAQgK5fXM6cLdEu0="}
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554874,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116554874,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554874,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116554874,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554874,"pkt":"qtsDr8lk5EKm5WPyht1gA8lZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqlIBu\/+4ugmfFZgCgBAB9UmMAAABAQgKTADwSsLdGmw="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554881,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116554881,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554881,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116554881,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554881,"pkt":"qtsDr8lk5EKm5WPyht1gBu\/tACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACACjDQBuwRHeTthOU5lgBAB9RTKAAABAQgKi91SNsLdGI4="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554888,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116554888,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554888,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116554888,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554888,"pkt":"qtsDr8lk5EKm5WPyht1gAlISACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsooBu5EKNZ7ythfhgBAB9RDDAAABAQgKWJK\/EMLdGI8="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554906,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116554906,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554906,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116554906,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554906,"pkt":"qtsDr8lk5EKm5WPyht1gBlBRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwTgBu2jzM2ULiifpgBAB9R7MAAABAQgK2Fskl8LdF\/4="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554924,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116554924,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554924,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116554924,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554924,"pkt":"qtsDr8lk5EKm5WPyht1gBTnWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwTYBuwdwDB5je19MgBAC+RdtAAABAQgK2Fskl8LdF9E="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554935,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116554935,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554935,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116554935,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554935,"pkt":"qtsDr8lk5EKm5WPyht1gCDsgACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAO4bwBu7dGlx3VVkGGgBAB9ZNXAAABAQgKuCcas8LdF48="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554946,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116554946,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554946,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116554946,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554946,"pkt":"qtsDr8lk5EKm5WPyht1gBC50ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADwYoBu\/frxKCU+7xigBACJCsCAAABAQgK5fXM6cLdFzo="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554955,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116554955,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116554955,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554955,"pkt":"qtsDr8lk5EKm5WPyht1gCjT0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADrIQBu3CsbiISBiplgBAJFEMHAAABAQgKZRk18sLdF+A="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554965,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116554965,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116554965,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554965,"pkt":"qtsDr8lk5EKm5WPyht1gB1DkACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PoBu5jg6U77lZSLgBAB9bFqAAABAQgKob1mQcLdFBA="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554976,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116554976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116554976,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554976,"pkt":"qtsDr8lk5EKm5WPyht1gCkAwACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PgBu6pVAe\/PmdazgBAB9nEsAAABAQgKob1mQcLdFA4="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292116554985,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116554985,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292116554985,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116554985,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116554985,"pkt":"qtsDr8lk5EKm5WPyht1gCnAxACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PYBu2KmMmkBhhCygBAB9hx4AAABAQgKob1mQcLdFA8="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116783801,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783801,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPnmMC3biY8gBANvdD5AAABAQgKwt3K6VRlt1w="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116783930,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783930,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvBWD0wAeZaM44SgBAN0gneAAABAQgKwt3K8eX1FWk="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuyivK2F+GRCjWfgBAMggWaAAABAQgKwt3K8ViSDUk="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbuqUp8VmAL\/uLoKgBALilfCAAABAQgKwt3K8Ev+J\/w="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbuMNGE5TmUER3k8gBALhgqfAAABAQgKwt3K8YvcoGw="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBOAuKJ+lo8zNmgBALjxSdAAABAQgKwt3K8thacjc="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbushBIGKmVwrG4jgBANXT4sAAABAQgKwt3K8WUYg3I="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783931,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvBipT7vGL368ShgBALhSEJAAABAQgKwt3K8eX1Gck="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116783932,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783932,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk9gGGELJipjJqgBALQBJ2AAABAQgKwt3K8aG8sBY="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116783951,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783951,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk+M+Z1rOqVQHwgBALQGcqAAABAQgKwt3K8aG8sBU="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783952,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBNmN7X0wHcAwfgBALjg4+AAABAQgKwt3K8thacg8="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783952,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk+vuVlIuY4OlPgBALOKdvAAABAQgKwt3K8qG8sBY="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292116783952,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvhvNVWQYa3RpcegBALd4k3AAABAQgKwt3K8rgmZ+0="}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292118602881,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118602881,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292118602881,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118602881,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292118602881,"pkt":"qtsDr8lk5EKm5WPyht1gAi73ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtWCxtoBu1KGqo810Lv\/gBAB9aO7AAABAQgKDow6U8LdGxc="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292118714869,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118714869,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292118714869,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118714869,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292118714869,"pkt":"qtsDr8lk5EKm5WPyht1gADFFACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAEv1wBu54AWFX+ZWnrgBAB9ax4AAABAQgKIY6128LdIt0="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118777753,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292118777753,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg61YIqAcsBIEmLB5kd7IUo3\/YpAbvG2jXQu\/9ShqqQgBAMVq52AAABAQgKwt3S6w6JbWQ="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118786493,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292118786493,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbu\/XP5laeueAFhWgBALgb+AAAABAQgKwt3S8iGL6TM="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292119370851,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119370851,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292119370851,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119370851,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292119370851,"pkt":"qtsDr8lk5EKm5WPyht1gB9dmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAO4aoBuwkMYXdt3wkTgBAGDPrTAAABAQgKuCcls8LdJNk="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119458269,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292119458269,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvhqm3fCRMJDGF4gBAMQfSOAAABAQgKwt3Va7gmdTA="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292120654870,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120654870,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292120654870,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120654870,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120654870,"pkt":"qtsDr8lk5EKm5WPyht1gBWy\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAO4pQBuzf4sNBRRFrJgBAB9RDeAAABAQgKzK1LLsLdJJ0="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120654889,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292120654889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120654889,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120654889,"pkt":"qtsDr8lk5EKm5WPyht1gD6CDACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1uYBu2Ue7VYDxGJbgBAB9U4jAAABAQgKcJlSucLdI9M="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292120654893,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120654893,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292120654893,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120654893,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120654893,"pkt":"qtsDr8lk5EKm5WPyht1gCJJIACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAEv2oBu3NXQRgXN+V5gBAZpzN2AAABAQgKIY69b8LdKhI="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120839721,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120839721,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvilFFEWsk3+LDRgBALmwajAAABAQgKwt3a98yslWg="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120853149,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvW5gPEYltlHu1XgBALmkPeAAABAQgKwt3bBnCYnCU="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120853914,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292120853914,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbu\/ahc35XlzV0EZgBAPBj1lAAABAQgKwt3bBiGODSw="}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121486006,"flow_dst_last_pkt_time":1605292121486006,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292121486006,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1605292121486006,"flow_dst_last_pkt_time":1605292121486006,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292121486006,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+osAAAAAoAL9IJMMAAACBAWgBAIICpi1TMUAAAAAAQMDBw=="}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1605292121486006,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292121507427,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYUDXPqMoBJXgPvWAAACBAV4AQMDAwQCCArC3d2UmLVMxQ=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1605292121507474,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121507474,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBAB+3\/SAAABAQgKmLVM28Ld3ZQ="}
+01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292121507997,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1AiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBgB+yW6AAABAQgKmLVM28Ld3ZQWAwECAAEAAfwDA9nSk2KeVcFHOIgIqlGvi0eycTTMQTOty0xI9t2BdS31IHNR5s\/xYMO8\/2mipv181fxQHxiQGiouoi3LhBjKSL1oACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUY2F0YXN0ZXJzLnR1bWJsci5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIObRVS3K9ld1BBlaeDdBVyGReJdkTjt6xYTnNvdI\/itGAC0AAgEBACsACwoqKgMEAwMDAgMBABsAAwIAAnp6AAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":692,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121507427,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292121507997,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121536972,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121536972,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYYDXPyRgBALMHR7AAABAQgKwt3dsZi1TNs="}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292121674877,"flow_dst_last_pkt_time":1605292121674877,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292121674877,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1605292121674877,"flow_dst_last_pkt_time":1605292121674877,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121674877,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v36ZlfzugBAB9Zh5AAABAQgKG7m2dMLdLYw="}
+01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":695,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121507997,"flow_dst_last_pkt_time":1605292121697370,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1605292121697370,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":701,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121697627,"flow_dst_last_pkt_time":1605292121698447,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5097,"midstream":0,"thread_ts_usec":1605292121698447,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","tls": {"version":"TLSv1.2","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}}}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1605292121674877,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292121698552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgXAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvZCJmV\/O79d79\/gBALlo7gAAABAQgKwt3eUxu5BaQ="}
+01984{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":722,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121915646,"flow_dst_last_pkt_time":1605292121915718,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1174,"flow_dst_tot_l4_payload_len":11033,"midstream":0,"thread_ts_usec":1605292121915718,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":27721.0,"max":189403,"stddev":49540.4,"var":2454247936.0,"ent":3.2,"data": [21421,21468,523,29545,160398,189403,235,0,213,14,842,826,3808,144,202,28681,1,1011,77988,2,103570,74,656,29813,79144,108203,110,95,435,441,86]},"pktlen": {"min":72,"avg":454.0,"max":1472,"stddev":568.3,"var":322990.4,"ent":4.0,"data": [80,80,72,589,72,1472,72,1472,1368,72,72,1073,72,157,163,523,72,72,72,338,142,72,72,102,72,1472,72,1472,72,1472,72,1472]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,6,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1],"entropies": [4.847575665,5.264388561,5.273682594,4.570615292,5.139187336,7.183391094,5.218127251,7.306411743,7.637944698,5.179864883,5.245904922,7.569734573,5.218127251,6.162980080,6.493566990,7.590200424,5.139187336,5.139187336,5.083631992,7.038479328,6.319642544,5.162571907,5.162571907,5.715408325,5.083631992,7.863587856,5.218127251,7.862967491,5.245904922,7.863145828,5.190349579,7.850796700]}}
+01573{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":722,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292121915646,"flow_dst_last_pkt_time":1605292121915718,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1174,"flow_dst_tot_l4_payload_len":11033,"midstream":0,"thread_ts_usec":1605292121915718,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"catasters.tumblr.com","tls": {"version":"TLSv1.2","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}}}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122064463,"flow_dst_last_pkt_time":1605292122064463,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122064463,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122064463,"flow_dst_last_pkt_time":1605292122064463,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122064463,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGkAAAAAoAL9IOE8AAACBAWgBAIICthbOh0AAAAAAQMDBw=="}
+00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122076240,"flow_dst_last_pkt_time":1605292102602965,"flow_idle_time":3285032704,"pkt_caplen":172,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":172,"pkt_l4_len":118,"thread_ts_usec":1605292122076240,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAHYGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2Qd9sejoTgBgk6QsuAAABAQgKJEeQFMLc4vQXAwMAUQAAAAAAAAAPN+72C7wfHoQtmaJB3aOHKjPk6JlEWLNjF5TOq7HiJ1O2KSnCxtEIEQAeO4GmbeSTOkkpawAah7BKsajx09L6L57ZkTTcEWLCJA=="}
+00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":759,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292122076240,"flow_dst_last_pkt_time":1605292102602965,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122076240,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122076586,"flow_dst_last_pkt_time":1605292102602965,"flow_idle_time":3285032704,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_usec":1605292122076586,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAE4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2QjVsejoTgBgk6YPXAAABAQgKJEeQFMLc4vQXAwMAKQAAAAAAAAAQ4G\/3mQ3kGgQra1eBqPYCTvM1QPmaUoG2gBnwdZPdmFLU"}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122064463,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122094721,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5FAHmhqoBJXgI\/cAAACBAV4AQMDAwQCCArC3d\/Z2Fs6HQ=="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122094761,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122094761,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBAB+xPQAAABAQgK2Fs6O8Ld39k="}
+01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292122094987,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBgB+5pFAAABAQgK2Fs6O8Ld39kWAwECAAEAAfwDA4SEFpd+Ui2RJOstUdyWPiOQJLso1+e8murU+rSUvScLIOxlBCWQSXeBEkOuoY9ArjNfnRtplIaJsV3gAzrnHWtBACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAFAASAAAPYXBpcy5nb29nbGUuY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACBB0ZlvhvxIZjessBrEqcEd8cKmBCymsB2\/FWOJUIU9TwAtAAIBAQArAAsK2toDBAMDAwIDAQAbAAMCAAKKigABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":767,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122094987,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122095843,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122095843,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122095843,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122095843,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5CzgAAAAAoAL9IPiAAAACBAWgBAIIChLBJ8gAAAAAAQMDBw=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122076586,"flow_dst_last_pkt_time":1605292122116538,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122116538,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGx6OhMItkI1gBAMRA6zAAABAQgKwt3f5SRHkBQ="}
+01955{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122076586,"flow_dst_last_pkt_time":1605292122116538,"flow_idle_time":3285032704,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"thread_ts_usec":1605292122116538,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGx6OhMItkI1gBgMRHzEAAABAQgKwt3f5iRHkBQXAwNAGJc9h3GYNRFQlTKtM7rxIBlCWvu2+kAtsSKUpPeQGC2f9G6Xq+yeDPU221fnjVpofZnbGWH209M5VFwfCbYBd\/Ug672I7YdgqPjdHdeHhsk5JO7a6ZKrKfKPrNR6YV7haA9UHN\/J20tM3dd1ztVqjpfbv0\/ZJmmisIhD21RHxC+bpnR9aUwAHNslPkgS258ZBH2f6TbIDYUZtSMnZWw3Yk\/ci8p72sljAny1A0bK6nTpcgQdrpz72F8pAQANc8+dtvsHTLhIpCvOc6Ne6kWtUKT7C\/mvdjTu5edIany0ejKotIFClcl4RxqARVu2X1rfTugLw5NDSe0wQ2nHTzTqPvaW7AfYVBRuhLTkXbNrJI65nxsqhUnfa60m3bgzF7vJcVGCZnpJafd9EdKxWUn3zIF9HNZPAaoWOVFHMyX9a+GRL3JsX2Y5BoTsGub9kof4cZv9bszWuQGQ32PqzX8tj0vwQgSS+\/6S++A\/fvGhO3z2O4J5JcExiBHL9NO41Ci77nPGUPc8rzROsKBv+iwjPxII7ZTo+HPy8VtcXYK9fMChuPeM2GJGvjtvuTXBXbAajdN99K6za2E83mXsUFa4zXbW8l6vvPf\/QtzoTU4L9xdK63gJGDxlquf0XuSzocIpEQi1F1Wer1yQa02YyM9dE5pCuSsEvLN9e3nWr+e5ts1swpdDA9qB0i7vopuVw7pVJRa\/5jtj10ogWPHGj2tvaRujTQeDciYar+lH9\/+jsk7PRHX+uIUqDDNJr9L4h4Y5HFaECy28OARK+N8iZPMvLjs+b2v9+1SVFwvOZk2keVzr60iLx9SAxK+qK3iQWWRvVmrjER7XMeaQBw9ZDHNiSeMtNeFfmRKRTQN09GNCR0gb6nnbLaowG55byyc9Ixf0CX1E+gt7yBldEZUUKfDlxtw+uLgeGUXqthxjdDzHmt05igu5OjLX1G4r5IZOVC4zPzyhWkdvVj3Xlv+5VdG78q9fG74Kr4jrWd0HmfWAicEqqlrJ0tzM615CXJdHLq2i\/icncRzXkfKIHoIE7akepvW2uFW47l3zunDfCPS2CPdfu4SgfwscjhTdvMd0yEZgiOOpbXgOiFet4ZTlfmbFFc1UeXXFtn8JSmdDTZps738TSMj+kk9x8MshGWKOVu0ue6LonWUyQNu1K9\/sN\/LUbwtwiJhRTd4lbHV3YBTVFelyuUAiHAYYrO1BQq\/1qgPHYrAC9\/XR1LO2ONRYU\/Y5+xV2iMD3hHSQ30e3g5G4lPgWiJR\/5BxivIHZmOM3jV1\/ejjWfzi6Q+rJSgLP1NhRuCOEWEb8Rva9JGpl5hBrk9oX7wzBiu7yI4Hc4KR6E6bjwM0G+KtwCI+dvZO488RHnGsWkcv5evakZJvQrVRCJM0\/gTwn"}
+01961{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":797,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292122118409,"flow_dst_last_pkt_time":1605292122118430,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":16768,"midstream":1,"thread_ts_usec":1605292122118430,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1259061.5,"max":19513573,"stddev":4788586.0,"var":22930555666432.0,"ent":1.0,"data": [19473275,346,19513573,0,40000,58,0,14,3,47,46,590,601,1080,1,1,0,1,0,0,1081,15,50,4,2,3,4,112,1,0,1]},"pktlen": {"min":72,"avg":600.1,"max":1120,"stddev":520.1,"var":270533.2,"ent":4.4,"data": [72,158,118,72,1120,72,1120,1120,72,72,1120,72,1120,72,1120,1120,1120,1120,1120,1120,1120,72,72,72,72,72,72,72,1120,1120,1120,1120]},"bins": {"c_to_s": [13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1],"entropies": [5.300073624,6.172540188,5.808043480,5.111409664,7.793330193,5.244518280,7.816789150,7.806469440,5.188962936,5.244518280,7.817547321,5.216740131,7.782293320,5.272295952,7.814203739,7.825418949,7.833592415,7.796096325,7.794456482,7.800365925,7.831590176,5.300073624,5.244518280,5.272295952,5.300073624,5.216740608,5.244518280,5.272295475,7.782464504,7.824431896,7.817936897,7.808838844]}}
+00942{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":797,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292122118409,"flow_dst_last_pkt_time":1605292122118430,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":16768,"midstream":1,"thread_ts_usec":1605292122118430,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122163288,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbp+IuQs5oBJXgJ7NAAACBAV4AQMDAwQCCArC3d\/9EsEnyA=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122163315,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122163315,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBAB+yKbAAABAQgKEsEoDMLd3\/0="}
+01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":909,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":3285032704,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292122163584,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBgB+67mAAABAQgKEsEoDMLd3\/0WAwECAAEAAfwDA7bS9qVsy5B4YR21YJQRtEh5Py7oz+4S+4EMfJZtbGRGIFTZBy5p0gziG2ybvndeac3\/kMpuKpBLUHIf7VQxlGl9ACDq6hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAGAAWAAATYWpheC5nb29nbGVhcGlzLmNvbQAXAAD\/AQABAAAKAAoACPr6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp+voAAQAAHQAg8WEmWZ9OWDe9\/XkTSDe85PaENProAIW9qnEE9QmUWSAALQACAQEAKwALCurqAwQDAwMCAwEAGwADAgACWloAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":909,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122163584,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":913,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122165400,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122165400,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5JAHmpvgBALMAhqAAABAQgKwt3gBdhbOjs="}
+01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":917,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122177975,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122177975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122207366,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122207366,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbqCIuQ0+gBALMBcPAAABAQgKwt3gTxLBKAw="}
+01268{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1035,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122212637,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122212637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1069,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122274057,"flow_dst_last_pkt_time":1605292122274042,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":982,"flow_dst_tot_l4_payload_len":8808,"midstream":0,"thread_ts_usec":1605292122274057,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11497.2,"max":67472,"stddev":19899.9,"var":396007328.0,"ent":3.2,"data": [67445,67472,269,44078,5271,1,49097,3,94,53,18571,10150,718,42370,0,12940,229,14297,2020,1,16083,2556,1,2570,25,64,1,0,22,4,8]},"pktlen": {"min":72,"avg":378.4,"max":1280,"stddev":464.3,"var":215557.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,572,72,136,164,350,72,652,72,103,72,103,72,72,521,1280,72,72,1280,1280,1280,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,0],"entropies": [4.880388737,5.286173344,5.204868793,4.536604404,5.107836723,7.787920475,7.830109596,5.260424137,5.232646465,7.542898178,5.232646465,6.192057133,6.535644054,7.298229218,5.014019012,7.680838585,5.232646465,5.914041996,5.041796684,5.815946102,5.052281380,5.166606426,7.546278477,7.846930027,5.117859364,5.138828754,7.830280781,7.832926273,7.840851784,5.194384098,5.099461079,5.156121731]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1093,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122281616,"flow_dst_last_pkt_time":1605292122282509,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":9011,"midstream":0,"thread_ts_usec":1605292122282509,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":14038.7,"max":83018,"stddev":20606.9,"var":424642560.0,"ent":3.6,"data": [30258,30298,226,70679,12575,2,1,83018,62,4,882,32413,0,31475,5911,16277,137,34580,1914,14156,7168,10659,16853,1,0,1,34679,24,2,2,942]},"pktlen": {"min":72,"avg":384.2,"max":1280,"stddev":474.8,"var":225406.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,311,72,72,72,136,72,652,72,164,103,330,72,103,72,72,72,985,1280,1280,1280,72,72,72,72,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1],"entropies": [4.836515903,5.311173439,5.222161770,4.516429901,5.097352028,7.813626766,7.833569527,7.238987446,5.249939442,5.211677551,5.222161770,6.183825970,5.163392067,7.648269653,5.182794571,6.507936478,5.802297115,7.243775845,5.097352028,5.700409889,5.249939919,5.097352028,5.163392067,7.756225586,7.832665920,7.840676308,7.826161861,5.222161770,5.222161770,5.166606426,5.183899403,7.820078373]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122439986,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":3285032704,"pkt_caplen":203,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":203,"pkt_l4_len":149,"thread_ts_usec":1605292122439986,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRAJUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v3+ZlfzugBgB9aL3AAABAQgKG7m5ccLd3lMXAwMAcFVxaXihuhejZCNpZ5nuv6bEN9Yj5XMBxAt2QHwyRgmT6ybDwC5C73DyglYgxmIhMzt282zpUtE5GphT7ONBXskP6qssi1eNQHysgmBFeTvR+6kSeL0yhYhtFPIEYfWd8KPo3wOHIQIgFNXMNqMrZ9Q="}
+00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1199,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292122439986,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":117,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122439986,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122440221,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":3285032704,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_usec":1605292122440221,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRAEcGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v\/SZlfzugBgB9Z8fAAABAQgKG7m5csLd3lMXAwMAInk1I4nIPSajLKiA35EuKIlPm\/oqqHEG+SP9VTSkSQmA2P0="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122440221,"flow_dst_last_pkt_time":1605292122468567,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122468567,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgXAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvZCJmV\/O79d7\/0gBALpNeNAAABAQgKwt3hVRu5uXE="}
+00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1229,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122501104,"flow_dst_last_pkt_time":1605292104716333,"flow_idle_time":3285032704,"pkt_caplen":149,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":149,"pkt_l4_len":95,"thread_ts_usec":1605292122501104,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAF8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoadXXNVgBgB9QaPAAABAQgKTYUvYcLdm\/0XAwMAOgAAAAAAAAAIvZM7k4G8cjK7Q9\/YrVI4eMbPvi74lWEwjtUtgcQJsZEKgX5x1KPe5+ARIWOSp6YRK8o="}
+00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1229,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605292104650967,"flow_src_last_pkt_time":1605292122501104,"flow_dst_last_pkt_time":1605292104716333,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122501104,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122501492,"flow_dst_last_pkt_time":1605292104716333,"flow_idle_time":3285032704,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_usec":1605292122501492,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAE4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQsWdXXNVgBgB9YnNAAABAQgKTYUvYsLdm\/0XAwMAKQAAAAAAAAAJhfarTPFG\/0Gx5mBHg+oWjrQOzezO5YGM3qlkDtuEBJnw"}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122501492,"flow_dst_last_pkt_time":1605292122537161,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122537161,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dc1X\/jELFgBAMUD3EAAABAQgKwt3hmU2FL2E="}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1251,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122674024,"flow_dst_last_pkt_time":1605292122674024,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122674024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122674024,"flow_dst_last_pkt_time":1605292122674024,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122674024,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9u8AAAAAoAL9IJXTAAACBAWgBAIIChNnJ60AAAAAAQMDBw=="}
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122674024,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":3285032704,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122697976,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGM8FfbwoBJXgNHxAAACBAV4AQMDAwQCCArC3eI6E2cnrQ=="}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122698027,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122698027,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBAB+1XrAAABAQgKE2cnxcLd4jo="}
+01374{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":3285032704,"pkt_caplen":706,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":706,"pkt_l4_len":652,"thread_ts_usec":1605292122698360,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1AowGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBgB+5tKAAABAQgKE2cnxsLd4joWAwECZwEAAmMDAxcqM3SukIiua6aXUWl305akyrAbsQ8fC5QrHYGn8yAqIOfUpAFM2ex8Yzi\/Sen\/tnD95LkMo2l4V+QtyZhS\/smCACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAfqKigAAAAAAHQAbAAAYc2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACDK7MvCss9kPuP\/sGQIpNIgaBZPSr9Qiypf8B3tmZxOcgAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAKamgABAAApASsA9gDwAAAiIJslU1lFpjTpi3lmNcM02Z66mKz\/ebRIkuOX18rpowH2yWfRzdOZHXike\/2DtKx+3unPfKAy7bV8y4oY0zmw0E1pgUb7btO6Vjk+uxl7qJDciqRgqzQMVKk21FI05k9Tj8+QijWSqapfQXpJZo9ZGd54w+gB1V2q8Nw7dtF2+eFiyJH2mXerNpN0ZE6fUqgXQsD4DbRpYQjZTIcPcs\/we2ogtL0JfR+e875ICH323jad+VODdi9WWJ93O+ld3DiE0YkFyo7kp5dxhnBMUode0ut+uFiEfQ9mADB5yJ2cgEQe3BR1tRHNJhSdnJ6lY4sULQAxMNVjiEV0UOkpjkSg09LdgE2p3Pne63LSoF7PSJBmSVGBkf3yxkp3tDTf\/lSBUFM44A=="}
+01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1256,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122697976,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122698360,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.2","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1257,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122698834,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122698834,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122698834,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1257,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122698834,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122698834,"pkt":"qtsDr8lk5EKm5WPyht1gCuvGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoVprIBu3ASIMYXhL6qgBAB9S93AAABAQgKNSTnjcLdLMU="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122740353,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122740353,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGQ8FflcgBALPUoSAAABAQgKwt3iZBNnJ8Y="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1269,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122741055,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122741055,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhUqAcsBIEmLB5kd7IUo3\/YpAbumsheEvqpwEiDHgBALdyXtAAABAQgKwt3iZjUkMfM="}
+01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122698360,"flow_dst_last_pkt_time":1605292122755298,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":270,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":270,"midstream":0,"thread_ts_usec":1605292122755298,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02213{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1285,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292122813676,"flow_dst_last_pkt_time":1605292122725006,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":764,"flow_dst_max_l4_payload_len":1279,"flow_src_tot_l4_payload_len":4217,"flow_dst_tot_l4_payload_len":4676,"midstream":0,"thread_ts_usec":1605292122813676,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":98,"avg":1119414.5,"max":16588707,"stddev":4059258.8,"var":16477581213696.0,"ent":1.4,"data": [29466,29487,204,37942,9029,46759,696,98,30996,1834,7035,39073,52635,52694,371915,406395,20731,55185,2451,32929,9268,39721,16556740,16588707,11402,43353,16903,58413,9807,93158,46822]},"pktlen": {"min":72,"avg":350.4,"max":1351,"stddev":367.9,"var":135349.6,"ent":4.3,"data": [80,80,72,692,72,342,72,152,489,72,72,359,72,1259,72,824,72,855,72,836,72,342,72,500,72,1351,72,644,72,672,72,656]},"bins": {"c_to_s": [9,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,1,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [4.797575951,5.229953289,5.190349579,7.030211926,4.972520828,6.811050892,5.091930866,6.334684849,7.516590118,5.055853844,5.055853844,7.313119888,5.190349579,7.806543827,5.218127251,7.745193005,5.000298500,7.694315910,5.134794235,7.706961155,5.028076172,7.266840458,5.190349579,7.564545631,4.972520828,7.854704857,5.162571907,7.655811310,5.000298500,7.622268677,5.134794235,7.624323368]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement"}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1293,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122874816,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122874816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122874816,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1293,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122874816,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122874816,"pkt":"qtsDr8lk5EKm5WPyht1gDJQ7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnP4Bu4CgSN\/gvLosgBAB9qrlAAABAQgK1OQQnsLdMvM="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122899206,"flow_idle_time":3285032704,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122899206,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuc\/uC8uiyAoEjggBALQrp6AAABAQgKwt3jAtThR68="}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118714869,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118786493,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118714869,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118786493,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654893,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120853914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654893,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120853914,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1605292103804319,"flow_src_last_pkt_time":1605292104013801,"flow_dst_last_pkt_time":1605292104013772,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":400,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":446,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":38,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292122470330,"flow_dst_last_pkt_time":1605292122470323,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":34972,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292114506948,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114736576,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292114506948,"flow_src_last_pkt_time":1605292114506948,"flow_dst_last_pkt_time":1605292114736576,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108746999,"flow_src_last_pkt_time":1605292108746999,"flow_dst_last_pkt_time":1605292108796001,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108746999,"flow_src_last_pkt_time":1605292108746999,"flow_dst_last_pkt_time":1605292108796001,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108747015,"flow_src_last_pkt_time":1605292108747015,"flow_dst_last_pkt_time":1605292108805587,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108747015,"flow_src_last_pkt_time":1605292108747015,"flow_dst_last_pkt_time":1605292108805587,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108746966,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108789015,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108746966,"flow_src_last_pkt_time":1605292108746966,"flow_dst_last_pkt_time":1605292108789015,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00932{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292102219041,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102653473,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292102219041,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102653473,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108747008,"flow_src_last_pkt_time":1605292108747008,"flow_dst_last_pkt_time":1605292108796448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292108747008,"flow_src_last_pkt_time":1605292108747008,"flow_dst_last_pkt_time":1605292108796448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105972592,"flow_dst_last_pkt_time":1605292106000954,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1166,"flow_dst_tot_l4_payload_len":6085,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","proto_id":"91.70","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292122484196,"flow_dst_last_pkt_time":1605292122517767,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":117,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":212,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00932{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292102603001,"flow_src_last_pkt_time":1605292102603001,"flow_dst_last_pkt_time":1605292102678719,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292102603001,"flow_src_last_pkt_time":1605292102603001,"flow_dst_last_pkt_time":1605292102678719,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554924,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554924,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554906,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554906,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554865,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116783930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554865,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116783930,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554946,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554946,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":69,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122413893,"flow_dst_last_pkt_time":1605292122440928,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6040,"flow_src_tot_l4_payload_len":1195,"flow_dst_tot_l4_payload_len":75024,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605292104650967,"flow_src_last_pkt_time":1605292122733019,"flow_dst_last_pkt_time":1605292122732998,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":333,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292119370851,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119458269,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292119370851,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119458269,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":24,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105729122,"flow_dst_last_pkt_time":1605292105729386,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":254,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":13925,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554935,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554935,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292109034942,"flow_dst_last_pkt_time":1605292109043498,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1335,"flow_dst_tot_l4_payload_len":5617,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122698834,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122741055,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122698834,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122741055,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554888,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554888,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654870,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120839721,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654870,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120839721,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118602881,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118777753,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118602881,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118777753,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":18,"flow_first_seen":1605292103810303,"flow_src_last_pkt_time":1605292105112205,"flow_dst_last_pkt_time":1605292105112263,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":382,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":607,"flow_dst_tot_l4_payload_len":14274,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1605292103804485,"flow_src_last_pkt_time":1605292104007252,"flow_dst_last_pkt_time":1605292104007225,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":644,"flow_dst_max_l4_payload_len":527,"flow_src_tot_l4_payload_len":722,"flow_dst_tot_l4_payload_len":566,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":29,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105351681,"flow_dst_last_pkt_time":1605292105378152,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1550,"flow_dst_tot_l4_payload_len":18160,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105347857,"flow_dst_last_pkt_time":1605292105347849,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554881,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554881,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554955,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554955,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292122864867,"flow_dst_last_pkt_time":1605292122864791,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":764,"flow_dst_max_l4_payload_len":1279,"flow_src_tot_l4_payload_len":4217,"flow_dst_tot_l4_payload_len":4946,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":101,"category":"Advertisement"}}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122861140,"flow_dst_last_pkt_time":1605292122861115,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":600,"flow_src_tot_l4_payload_len":1856,"flow_dst_tot_l4_payload_len":1427,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554985,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116783932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554985,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116783932,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554976,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116783951,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554976,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116783951,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554965,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554965,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122874816,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122899206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122874816,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122899206,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":33,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292122503493,"flow_dst_last_pkt_time":1605292122503481,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1423,"flow_dst_tot_l4_payload_len":22629,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
+00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":125,"flow_dst_packets_processed":164,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292122449520,"flow_dst_last_pkt_time":1605292122449418,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":251,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1628,"flow_dst_tot_l4_payload_len":185560,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":157,"flow_dst_packets_processed":169,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292122739889,"flow_dst_last_pkt_time":1605292122739878,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":807,"flow_dst_tot_l4_payload_len":184998,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00932{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554874,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554874,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1605292105726518,"flow_src_last_pkt_time":1605292122804785,"flow_dst_last_pkt_time":1605292122804743,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":767,"flow_dst_tot_l4_payload_len":604,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":37,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122306980,"flow_dst_last_pkt_time":1605292122344801,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3141,"flow_src_tot_l4_payload_len":1021,"flow_dst_tot_l4_payload_len":38525,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554831,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116783801,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554831,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116783801,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1294,"source":"tumblr.pcap","alias":"nDPId-test","packets-captured":1294,"packets-processed":1294,"total-skipped-flows":0,"total-l4-payload-len":629696,"total-not-detected-flows":0,"total-guessed-flows":28,"total-detected-flows":19,"total-detection-updates":15,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":320,"global_ts_usec":1605292122899206}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 24745/24745
+~~ packets captured/processed: 1294/1294
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 22196494 bytes
+~~ total layer4 data length..: 629696 bytes
 ~~ total detected protocols..: 19
 ~~ total active/idle flows...: 47/47
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7739618 bytes
-~~ total memory freed........: 7739618 bytes
-~~ total allocations/frees...: 147813/147813
+~~ total memory allocated....: 7064812 bytes
+~~ total memory freed........: 7064812 bytes
+~~ total allocations/frees...: 124372/124372
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
-~~ json string max len.......: 2219 chars
-~~ json string avg len.......: 1355 chars
+~~ json string max len.......: 2218 chars
+~~ json string avg len.......: 1354 chars
diff --git a/test/results/tunnelbear.pcap.out b/test/results/tunnelbear.pcap.out
index 71516a86a..d80cc4df9 100644
--- a/test/results/tunnelbear.pcap.out
+++ b/test/results/tunnelbear.pcap.out
@@ -199,9 +199,9 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6581081 bytes
-~~ total memory freed........: 6581081 bytes
-~~ total allocations/frees...: 123198/123198
+~~ total memory allocated....: 6586146 bytes
+~~ total memory freed........: 6586146 bytes
+~~ total allocations/frees...: 123208/123208
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 495 chars
 ~~ json string max len.......: 2164 chars
diff --git a/test/results/tuya_lp.pcap.out b/test/results/tuya_lp.pcap.out
new file mode 100644
index 000000000..55e4b69bc
--- /dev/null
+++ b/test/results/tuya_lp.pcap.out
@@ -0,0 +1,122 @@
+00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tuya_lp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tuya_lp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671220121927386}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220121927386,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220121927386,"l3_proto":"ip4","src_ip":"192.168.242.181","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220121927386,"pkt":"\/\/\/\/\/\/\/\/3E8ivUChCABFAADYtTsAAP8RUnvAqPK1\/\/\/\/\/8ACGgsAxHNKAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSV1zhkjZl3eRdq2Gsnt4E\/2UVen4KqM+oJMgVFlInd6Y+HvB9m3ef+vX5p0fD+Q9k0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtjKZQQNXz+SzyWX\/vpkjRbCsiKyHA8wc5AKuAN2eCZhABN47Nf4GoVTyKXyTxy7HF3HJEEQAAqlU="}
+00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220121927386,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220121927386,"l3_proto":"ip4","src_ip":"192.168.242.181","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220122233112,"flow_src_last_pkt_time":1671220122233112,"flow_dst_last_pkt_time":1671220122233112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220122233112,"l3_proto":"ip4","src_ip":"192.168.242.174","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1671220122233112,"flow_dst_last_pkt_time":1671220122233112,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220122233112,"pkt":"\/\/\/\/\/\/\/\/zFDjfYg0CABFAADYnJoAAP8RayPAqPKu\/\/\/\/\/8ACGgsAxO3LAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSFfYlH1G2LN5ESu3iOsk3Ky7UyEtONdHDKfascQDozPDRq7Zt\/W\/LeDEdlP2+P7Qj0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFYYN9BwAAqlU="}
+00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220122233112,"flow_src_last_pkt_time":1671220122233112,"flow_dst_last_pkt_time":1671220122233112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220122233112,"l3_proto":"ip4","src_ip":"192.168.242.174","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220122307161,"flow_src_last_pkt_time":1671220122307161,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220122307161,"l3_proto":"ip4","src_ip":"192.168.242.202","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1671220122307161,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220122307161,"pkt":"\/\/\/\/\/\/\/\/OB+NRR61CABFAADIzFYAAP8RO1vAqPLK\/\/\/\/\/+lPGgsAtG\/gAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSHMTqwNNUGA7czT6uCApv\/j\/6UO4h02KUhUvW2Kc+3RFFcPRfB2XTEl1kL5pb+8bHwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LYVdtLAACqVQ=="}
+00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220122307161,"flow_src_last_pkt_time":1671220122307161,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220122307161,"l3_proto":"ip4","src_ip":"192.168.242.202","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220122810608,"flow_src_last_pkt_time":1671220122810608,"flow_dst_last_pkt_time":1671220122810608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220122810608,"l3_proto":"ip4","src_ip":"192.168.242.177","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1671220122810608,"flow_dst_last_pkt_time":1671220122810608,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220122810608,"pkt":"\/\/\/\/\/\/\/\/LPQyZ9enCABFAADYm0IAAP8RbHjAqPKx\/\/\/\/\/8ACGgsAxA3AAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSZN\/+2hSLPnL3i67TdR2ZlXSsPu2Drr5rFuwR2z69yooeyyuMqkp1qxnc7BEUtu730k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFebDgEQAAqlU="}
+00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220122810608,"flow_src_last_pkt_time":1671220122810608,"flow_dst_last_pkt_time":1671220122810608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220122810608,"l3_proto":"ip4","src_ip":"192.168.242.177","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220122957955,"flow_src_last_pkt_time":1671220122957955,"flow_dst_last_pkt_time":1671220122957955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220122957955,"l3_proto":"ip4","src_ip":"192.168.242.170","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1671220122957955,"flow_dst_last_pkt_time":1671220122957955,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220122957955,"pkt":"\/\/\/\/\/\/\/\/zFDjfb0\/CABFAADYn9QAAP8RZ+3AqPKq\/\/\/\/\/8ACGgsAxKY2AABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlScWPfmUhMJB8\/IzAR2HkXGy7UyEtONdHDKfascQDozPBoGRRHfAHay6T39QsPG9vM0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFKltuyQAAqlU="}
+00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220122957955,"flow_src_last_pkt_time":1671220122957955,"flow_dst_last_pkt_time":1671220122957955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220122957955,"l3_proto":"ip4","src_ip":"192.168.242.170","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220123555105,"flow_src_last_pkt_time":1671220123555105,"flow_dst_last_pkt_time":1671220123555105,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220123555105,"l3_proto":"ip4","src_ip":"192.168.242.179","dst_ip":"255.255.255.255","src_port":49153,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1671220123555105,"flow_dst_last_pkt_time":1671220123555105,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220123555105,"pkt":"\/\/\/\/\/\/\/\/aFctaodfCABFAADIJfUAAP8R4dPAqPKz\/\/\/\/\/8ABGgsAtN67AABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSWqsh94TxQCPE1paVBdoPvO14rcejwUWFd0mqKWficRBfyC9NSZY96521nMivI1+9wtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI2y6vCgACoD\/YfGxi3qvozZY6IGh1fbJUFZD+ebev593O7dXJU7uTd1YK6Q37xF2+Kvm+fmAACqVQ=="}
+00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220123555105,"flow_src_last_pkt_time":1671220123555105,"flow_dst_last_pkt_time":1671220123555105,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220123555105,"l3_proto":"ip4","src_ip":"192.168.242.179","dst_ip":"255.255.255.255","src_port":49153,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220123572254,"flow_src_last_pkt_time":1671220123572254,"flow_dst_last_pkt_time":1671220123572254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220123572254,"l3_proto":"ip4","src_ip":"192.168.242.172","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1671220123572254,"flow_dst_last_pkt_time":1671220123572254,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220123572254,"pkt":"\/\/\/\/\/\/\/\/LPQyFCvqCABFAADYmPIAAP8Rbs3AqPKs\/\/\/\/\/8ACGgsAxPKHAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSasQDz6ANMC7nZ1HA08Q8hQuAfkOvcJ5WViXgTo3sWy7jTXpkXmI7TZgucF3sJ1v30k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFVkdexgAAqlU="}
+00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220123572254,"flow_src_last_pkt_time":1671220123572254,"flow_dst_last_pkt_time":1671220123572254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220123572254,"l3_proto":"ip4","src_ip":"192.168.242.172","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220123958992,"flow_src_last_pkt_time":1671220123958992,"flow_dst_last_pkt_time":1671220123958992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220123958992,"l3_proto":"ip4","src_ip":"192.168.242.175","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1671220123958992,"flow_dst_last_pkt_time":1671220123958992,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220123958992,"pkt":"\/\/\/\/\/\/\/\/zFDjfYvwCABFAADYmmwAAP8RbVDAqPKv\/\/\/\/\/8ACGgsAxJ0aAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSd65euNtgIkn0OpgBT2EaRy7UyEtONdHDKfascQDozPB7xydBnRSS5snc0MXr0wQJ0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFDsLgSwAAqlU="}
+00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220123958992,"flow_src_last_pkt_time":1671220123958992,"flow_dst_last_pkt_time":1671220123958992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220123958992,"l3_proto":"ip4","src_ip":"192.168.242.175","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220124174252,"flow_src_last_pkt_time":1671220124174252,"flow_dst_last_pkt_time":1671220124174252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220124174252,"l3_proto":"ip4","src_ip":"192.168.242.178","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1671220124174252,"flow_dst_last_pkt_time":1671220124174252,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220124174252,"pkt":"\/\/\/\/\/\/\/\/7Pq8r4NBCABFAADYmrcAAP8RbQLAqPKy\/\/\/\/\/8ACGgsAxOsGAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSn+IvluB3D0uEFlifXiYobWUsSM1IwjwUskvGORvmDyNXiA\/HVygqIDZKxSEulA9C0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFVSoUCQAAqlU="}
+00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220124174252,"flow_src_last_pkt_time":1671220124174252,"flow_dst_last_pkt_time":1671220124174252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220124174252,"l3_proto":"ip4","src_ip":"192.168.242.178","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220124892623,"flow_src_last_pkt_time":1671220124892623,"flow_dst_last_pkt_time":1671220124892623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220124892623,"l3_proto":"ip4","src_ip":"192.168.242.180","dst_ip":"255.255.255.255","src_port":49153,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1671220124892623,"flow_dst_last_pkt_time":1671220124892623,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220124892623,"pkt":"\/\/\/\/\/\/\/\/aFctalfnCABFAADI+oIAAP8RDUXAqPK0\/\/\/\/\/8ABGgsAtKRmAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSeR5YG224uDhEYOrit03hWoptUHDYUy+P2ZSVn5HCciX4nTHq9ElqSa9o6AeoAPLKwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI2y6vCgACoD\/YfGxi3qvozZY6IGh1fbJUFZD+ebev593O7dXJU7uTd1YK6Q37xF2+KtA+YkAACqVQ=="}
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220124892623,"flow_src_last_pkt_time":1671220124892623,"flow_dst_last_pkt_time":1671220124892623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220124892623,"l3_proto":"ip4","src_ip":"192.168.242.180","dst_ip":"255.255.255.255","src_port":49153,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220124943616,"flow_src_last_pkt_time":1671220124943616,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220124943616,"l3_proto":"ip4","src_ip":"192.168.242.240","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1671220124943616,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220124943616,"pkt":"\/\/\/\/\/\/\/\/OB+NL1BPCABFAADIOiUAAP8RzWbAqPLw\/\/\/\/\/+lPGgsAtEETAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSdTKOSe+KWgbLOnD7VGeayoEGWZoEsD4sca\/wwY3AjCiHvJYJj0iyFIY5AGkwfe8iwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LOGTy3AACqVQ=="}
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220124943616,"flow_src_last_pkt_time":1671220124943616,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220124943616,"l3_proto":"ip4","src_ip":"192.168.242.240","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220125048168,"flow_src_last_pkt_time":1671220125048168,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220125048168,"l3_proto":"ip4","src_ip":"192.168.242.234","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1671220125048168,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220125048168,"pkt":"\/\/\/\/\/\/\/\/OB+NRKrQCABFAADIDqQAAP8R+O3AqPLq\/\/\/\/\/+lPGgsAtMFyAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSjf5jI+ZahFOEpxIFCAf0A7bBstZyi6ash8hmTY3Vvs56j1ADie28crk5u\/i0EjOFwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LYsq+nAACqVQ=="}
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220125048168,"flow_src_last_pkt_time":1671220125048168,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220125048168,"l3_proto":"ip4","src_ip":"192.168.242.234","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220125975231,"flow_src_last_pkt_time":1671220125975231,"flow_dst_last_pkt_time":1671220125975231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220125975231,"l3_proto":"ip4","src_ip":"192.168.242.176","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1671220125975231,"flow_dst_last_pkt_time":1671220125975231,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220125975231,"pkt":"\/\/\/\/\/\/\/\/zFDjfG95CABFAADYmwQAAP8RbLfAqPKw\/\/\/\/\/8ACGgsAxEVMAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlS8yDwMdWM1\/meOLgwsrh6O+PI8U9Y8I0Dz0fMDXMXU5rgkbjldgKF5RmAPdDV1ikx0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFQO\/LuwAAqlU="}
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220125975231,"flow_src_last_pkt_time":1671220125975231,"flow_dst_last_pkt_time":1671220125975231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220125975231,"l3_proto":"ip4","src_ip":"192.168.242.176","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1671220126921339,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220126921339,"pkt":"\/\/\/\/\/\/\/\/3E8ivUChCABFAADYtTwAAP8RUnrAqPK1\/\/\/\/\/8ACGgsAxHNKAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSV1zhkjZl3eRdq2Gsnt4E\/2UVen4KqM+oJMgVFlInd6Y+HvB9m3ef+vX5p0fD+Q9k0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtjKZQQNXz+SzyWX\/vpkjRbCsiKyHA8wc5AKuAN2eCZhABN47Nf4GoVTyKXyTxy7HF3HJEEQAAqlU="}
+00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1671220127234084,"flow_dst_last_pkt_time":1671220122233112,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220127234084,"pkt":"\/\/\/\/\/\/\/\/zFDjfYg0CABFAADYnJsAAP8RayLAqPKu\/\/\/\/\/8ACGgsAxO3LAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSFfYlH1G2LN5ESu3iOsk3Ky7UyEtONdHDKfascQDozPDRq7Zt\/W\/LeDEdlP2+P7Qj0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFYYN9BwAAqlU="}
+00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1671220127306266,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220127306266,"pkt":"\/\/\/\/\/\/\/\/OB+NRR61CABFAADIzFcAAP8RO1rAqPLK\/\/\/\/\/+lPGgsAtG\/gAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSHMTqwNNUGA7czT6uCApv\/j\/6UO4h02KUhUvW2Kc+3RFFcPRfB2XTEl1kL5pb+8bHwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LYVdtLAACqVQ=="}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1671220127810631,"flow_dst_last_pkt_time":1671220122810608,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220127810631,"pkt":"\/\/\/\/\/\/\/\/LPQyZ9enCABFAADYm0MAAP8RbHfAqPKx\/\/\/\/\/8ACGgsAxA3AAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSZN\/+2hSLPnL3i67TdR2ZlXSsPu2Drr5rFuwR2z69yooeyyuMqkp1qxnc7BEUtu730k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFebDgEQAAqlU="}
+00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1671220127958105,"flow_dst_last_pkt_time":1671220122957955,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220127958105,"pkt":"\/\/\/\/\/\/\/\/zFDjfb0\/CABFAADYn9UAAP8RZ+zAqPKq\/\/\/\/\/8ACGgsAxKY2AABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlScWPfmUhMJB8\/IzAR2HkXGy7UyEtONdHDKfascQDozPBoGRRHfAHay6T39QsPG9vM0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFKltuyQAAqlU="}
+00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1671220128555817,"flow_dst_last_pkt_time":1671220123555105,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220128555817,"pkt":"\/\/\/\/\/\/\/\/aFctaodfCABFAADIJfYAAP8R4dLAqPKz\/\/\/\/\/8ABGgsAtN67AABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSWqsh94TxQCPE1paVBdoPvO14rcejwUWFd0mqKWficRBfyC9NSZY96521nMivI1+9wtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI2y6vCgACoD\/YfGxi3qvozZY6IGh1fbJUFZD+ebev593O7dXJU7uTd1YK6Q37xF2+Kvm+fmAACqVQ=="}
+00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1671220128572444,"flow_dst_last_pkt_time":1671220123572254,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220128572444,"pkt":"\/\/\/\/\/\/\/\/LPQyFCvqCABFAADYmPMAAP8RbszAqPKs\/\/\/\/\/8ACGgsAxPKHAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSasQDz6ANMC7nZ1HA08Q8hQuAfkOvcJ5WViXgTo3sWy7jTXpkXmI7TZgucF3sJ1v30k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFVkdexgAAqlU="}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1671220128958061,"flow_dst_last_pkt_time":1671220123958992,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220128958061,"pkt":"\/\/\/\/\/\/\/\/zFDjfYvwCABFAADYmm0AAP8RbU\/AqPKv\/\/\/\/\/8ACGgsAxJ0aAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSd65euNtgIkn0OpgBT2EaRy7UyEtONdHDKfascQDozPB7xydBnRSS5snc0MXr0wQJ0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFDsLgSwAAqlU="}
+00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1671220129176545,"flow_dst_last_pkt_time":1671220124174252,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220129176545,"pkt":"\/\/\/\/\/\/\/\/7Pq8r4NBCABFAADYmroAAP8RbP\/AqPKy\/\/\/\/\/8ACGgsAxOsGAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSn+IvluB3D0uEFlifXiYobWUsSM1IwjwUskvGORvmDyNXiA\/HVygqIDZKxSEulA9C0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFVSoUCQAAqlU="}
+00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1671220129894054,"flow_dst_last_pkt_time":1671220124892623,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220129894054,"pkt":"\/\/\/\/\/\/\/\/aFctalfnCABFAADI+oMAAP8RDUTAqPK0\/\/\/\/\/8ABGgsAtKRmAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSeR5YG224uDhEYOrit03hWoptUHDYUy+P2ZSVn5HCciX4nTHq9ElqSa9o6AeoAPLKwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI2y6vCgACoD\/YfGxi3qvozZY6IGh1fbJUFZD+ebev593O7dXJU7uTd1YK6Q37xF2+KtA+YkAACqVQ=="}
+00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1671220129947697,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220129947697,"pkt":"\/\/\/\/\/\/\/\/OB+NL1BPCABFAADIOiYAAP8RzWXAqPLw\/\/\/\/\/+lPGgsAtEETAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSdTKOSe+KWgbLOnD7VGeayoEGWZoEsD4sca\/wwY3AjCiHvJYJj0iyFIY5AGkwfe8iwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LOGTy3AACqVQ=="}
+00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1671220130049597,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220130049597,"pkt":"\/\/\/\/\/\/\/\/OB+NRKrQCABFAADIDqUAAP8R+OzAqPLq\/\/\/\/\/+lPGgsAtMFyAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSjf5jI+ZahFOEpxIFCAf0A7bBstZyi6ash8hmTY3Vvs56j1ADie28crk5u\/i0EjOFwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LYsq+nAACqVQ=="}
+00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1671220130973936,"flow_dst_last_pkt_time":1671220125975231,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220130973936,"pkt":"\/\/\/\/\/\/\/\/zFDjfG95CABFAADYmwcAAP8RbLTAqPKw\/\/\/\/\/8ACGgsAxEVMAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlS8yDwMdWM1\/meOLgwsrh6O+PI8U9Y8I0Dz0fMDXMXU5rgkbjldgKF5RmAPdDV1ikx0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFQO\/LuwAAqlU="}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1671220131917224,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220131917224,"pkt":"\/\/\/\/\/\/\/\/3E8ivUChCABFAADYtT0AAP8RUnnAqPK1\/\/\/\/\/8ACGgsAxHNKAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSV1zhkjZl3eRdq2Gsnt4E\/2UVen4KqM+oJMgVFlInd6Y+HvB9m3ef+vX5p0fD+Q9k0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtjKZQQNXz+SzyWX\/vpkjRbCsiKyHA8wc5AKuAN2eCZhABN47Nf4GoVTyKXyTxy7HF3HJEEQAAqlU="}
+00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1671220132234122,"flow_dst_last_pkt_time":1671220122233112,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220132234122,"pkt":"\/\/\/\/\/\/\/\/zFDjfYg0CABFAADYnJwAAP8RayHAqPKu\/\/\/\/\/8ACGgsAxO3LAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSFfYlH1G2LN5ESu3iOsk3Ky7UyEtONdHDKfascQDozPDRq7Zt\/W\/LeDEdlP2+P7Qj0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFYYN9BwAAqlU="}
+00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1671220132313567,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220132313567,"pkt":"\/\/\/\/\/\/\/\/OB+NRR61CABFAADIzFgAAP8RO1nAqPLK\/\/\/\/\/+lPGgsAtG\/gAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSHMTqwNNUGA7czT6uCApv\/j\/6UO4h02KUhUvW2Kc+3RFFcPRfB2XTEl1kL5pb+8bHwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LYVdtLAACqVQ=="}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1671220132812950,"flow_dst_last_pkt_time":1671220122810608,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220132812950,"pkt":"\/\/\/\/\/\/\/\/LPQyZ9enCABFAADYm0QAAP8RbHbAqPKx\/\/\/\/\/8ACGgsAxA3AAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSZN\/+2hSLPnL3i67TdR2ZlXSsPu2Drr5rFuwR2z69yooeyyuMqkp1qxnc7BEUtu730k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFebDgEQAAqlU="}
+00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1671220132959205,"flow_dst_last_pkt_time":1671220122957955,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220132959205,"pkt":"\/\/\/\/\/\/\/\/zFDjfb0\/CABFAADYn9YAAP8RZ+vAqPKq\/\/\/\/\/8ACGgsAxKY2AABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlScWPfmUhMJB8\/IzAR2HkXGy7UyEtONdHDKfascQDozPBoGRRHfAHay6T39QsPG9vM0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFKltuyQAAqlU="}
+00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1671220133556332,"flow_dst_last_pkt_time":1671220123555105,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220133556332,"pkt":"\/\/\/\/\/\/\/\/aFctaodfCABFAADIJfcAAP8R4dHAqPKz\/\/\/\/\/8ABGgsAtN67AABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSWqsh94TxQCPE1paVBdoPvO14rcejwUWFd0mqKWficRBfyC9NSZY96521nMivI1+9wtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI2y6vCgACoD\/YfGxi3qvozZY6IGh1fbJUFZD+ebev593O7dXJU7uTd1YK6Q37xF2+Kvm+fmAACqVQ=="}
+00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1671220133573875,"flow_dst_last_pkt_time":1671220123572254,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220133573875,"pkt":"\/\/\/\/\/\/\/\/LPQyFCvqCABFAADYmPQAAP8RbsvAqPKs\/\/\/\/\/8ACGgsAxPKHAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSasQDz6ANMC7nZ1HA08Q8hQuAfkOvcJ5WViXgTo3sWy7jTXpkXmI7TZgucF3sJ1v30k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFVkdexgAAqlU="}
+00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1671220133958095,"flow_dst_last_pkt_time":1671220123958992,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220133958095,"pkt":"\/\/\/\/\/\/\/\/zFDjfYvwCABFAADYmm4AAP8RbU7AqPKv\/\/\/\/\/8ACGgsAxJ0aAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSd65euNtgIkn0OpgBT2EaRy7UyEtONdHDKfascQDozPB7xydBnRSS5snc0MXr0wQJ0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFDsLgSwAAqlU="}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1671220134174772,"flow_dst_last_pkt_time":1671220124174252,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220134174772,"pkt":"\/\/\/\/\/\/\/\/7Pq8r4NBCABFAADYmrsAAP8RbP7AqPKy\/\/\/\/\/8ACGgsAxOsGAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSn+IvluB3D0uEFlifXiYobWUsSM1IwjwUskvGORvmDyNXiA\/HVygqIDZKxSEulA9C0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFVSoUCQAAqlU="}
+00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1671220134894731,"flow_dst_last_pkt_time":1671220124892623,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220134894731,"pkt":"\/\/\/\/\/\/\/\/aFctalfnCABFAADI+oQAAP8RDUPAqPK0\/\/\/\/\/8ABGgsAtKRmAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSeR5YG224uDhEYOrit03hWoptUHDYUy+P2ZSVn5HCciX4nTHq9ElqSa9o6AeoAPLKwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI2y6vCgACoD\/YfGxi3qvozZY6IGh1fbJUFZD+ebev593O7dXJU7uTd1YK6Q37xF2+KtA+YkAACqVQ=="}
+00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1671220134946483,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220134946483,"pkt":"\/\/\/\/\/\/\/\/OB+NL1BPCABFAADIOicAAP8RzWTAqPLw\/\/\/\/\/+lPGgsAtEETAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSdTKOSe+KWgbLOnD7VGeayoEGWZoEsD4sca\/wwY3AjCiHvJYJj0iyFIY5AGkwfe8iwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LOGTy3AACqVQ=="}
+00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1671220135047985,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220135047985,"pkt":"\/\/\/\/\/\/\/\/OB+NRKrQCABFAADIDqYAAP8R+OvAqPLq\/\/\/\/\/+lPGgsAtMFyAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSjf5jI+ZahFOEpxIFCAf0A7bBstZyi6ash8hmTY3Vvs56j1ADie28crk5u\/i0EjOFwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LYsq+nAACqVQ=="}
+00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1671220135973798,"flow_dst_last_pkt_time":1671220125975231,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220135973798,"pkt":"\/\/\/\/\/\/\/\/zFDjfG95CABFAADYmwgAAP8RbLPAqPKw\/\/\/\/\/8ACGgsAxEVMAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlS8yDwMdWM1\/meOLgwsrh6O+PI8U9Y8I0Dz0fMDXMXU5rgkbjldgKF5RmAPdDV1ikx0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFQO\/LuwAAqlU="}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1671220136917939,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220136917939,"pkt":"\/\/\/\/\/\/\/\/3E8ivUChCABFAADYtT4AAP8RUnjAqPK1\/\/\/\/\/8ACGgsAxHNKAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSV1zhkjZl3eRdq2Gsnt4E\/2UVen4KqM+oJMgVFlInd6Y+HvB9m3ef+vX5p0fD+Q9k0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtjKZQQNXz+SzyWX\/vpkjRbCsiKyHA8wc5AKuAN2eCZhABN47Nf4GoVTyKXyTxy7HF3HJEEQAAqlU="}
+00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1671220137234215,"flow_dst_last_pkt_time":1671220122233112,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220137234215,"pkt":"\/\/\/\/\/\/\/\/zFDjfYg0CABFAADYnJ0AAP8RayDAqPKu\/\/\/\/\/8ACGgsAxO3LAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSFfYlH1G2LN5ESu3iOsk3Ky7UyEtONdHDKfascQDozPDRq7Zt\/W\/LeDEdlP2+P7Qj0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFYYN9BwAAqlU="}
+00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1671220137316636,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220137316636,"pkt":"\/\/\/\/\/\/\/\/OB+NRR61CABFAADIzFsAAP8RO1bAqPLK\/\/\/\/\/+lPGgsAtG\/gAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSHMTqwNNUGA7czT6uCApv\/j\/6UO4h02KUhUvW2Kc+3RFFcPRfB2XTEl1kL5pb+8bHwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LYVdtLAACqVQ=="}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1671220137814128,"flow_dst_last_pkt_time":1671220122810608,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220137814128,"pkt":"\/\/\/\/\/\/\/\/LPQyZ9enCABFAADYm0UAAP8RbHXAqPKx\/\/\/\/\/8ACGgsAxA3AAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSZN\/+2hSLPnL3i67TdR2ZlXSsPu2Drr5rFuwR2z69yooeyyuMqkp1qxnc7BEUtu730k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFebDgEQAAqlU="}
+00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1671220137958304,"flow_dst_last_pkt_time":1671220122957955,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220137958304,"pkt":"\/\/\/\/\/\/\/\/zFDjfb0\/CABFAADYn9cAAP8RZ+rAqPKq\/\/\/\/\/8ACGgsAxKY2AABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlScWPfmUhMJB8\/IzAR2HkXGy7UyEtONdHDKfascQDozPBoGRRHfAHay6T39QsPG9vM0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFKltuyQAAqlU="}
+00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1671220138557428,"flow_dst_last_pkt_time":1671220123555105,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220138557428,"pkt":"\/\/\/\/\/\/\/\/aFctaodfCABFAADIJfgAAP8R4dDAqPKz\/\/\/\/\/8ABGgsAtN67AABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSWqsh94TxQCPE1paVBdoPvO14rcejwUWFd0mqKWficRBfyC9NSZY96521nMivI1+9wtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI2y6vCgACoD\/YfGxi3qvozZY6IGh1fbJUFZD+ebev593O7dXJU7uTd1YK6Q37xF2+Kvm+fmAACqVQ=="}
+00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1671220138575151,"flow_dst_last_pkt_time":1671220123572254,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220138575151,"pkt":"\/\/\/\/\/\/\/\/LPQyFCvqCABFAADYmPUAAP8RbsrAqPKs\/\/\/\/\/8ACGgsAxPKHAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSasQDz6ANMC7nZ1HA08Q8hQuAfkOvcJ5WViXgTo3sWy7jTXpkXmI7TZgucF3sJ1v30k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFVkdexgAAqlU="}
+00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1671220138958420,"flow_dst_last_pkt_time":1671220123958992,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220138958420,"pkt":"\/\/\/\/\/\/\/\/zFDjfYvwCABFAADYmm8AAP8RbU3AqPKv\/\/\/\/\/8ACGgsAxJ0aAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSd65euNtgIkn0OpgBT2EaRy7UyEtONdHDKfascQDozPB7xydBnRSS5snc0MXr0wQJ0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFDsLgSwAAqlU="}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1671220139174786,"flow_dst_last_pkt_time":1671220124174252,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220139174786,"pkt":"\/\/\/\/\/\/\/\/7Pq8r4NBCABFAADYmrwAAP8RbP3AqPKy\/\/\/\/\/8ACGgsAxOsGAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSn+IvluB3D0uEFlifXiYobWUsSM1IwjwUskvGORvmDyNXiA\/HVygqIDZKxSEulA9C0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFVSoUCQAAqlU="}
+00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1671220139895835,"flow_dst_last_pkt_time":1671220124892623,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220139895835,"pkt":"\/\/\/\/\/\/\/\/aFctalfnCABFAADI+oUAAP8RDULAqPK0\/\/\/\/\/8ABGgsAtKRmAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSeR5YG224uDhEYOrit03hWoptUHDYUy+P2ZSVn5HCciX4nTHq9ElqSa9o6AeoAPLKwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI2y6vCgACoD\/YfGxi3qvozZY6IGh1fbJUFZD+ebev593O7dXJU7uTd1YK6Q37xF2+KtA+YkAACqVQ=="}
+00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1671220139952921,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220139952921,"pkt":"\/\/\/\/\/\/\/\/OB+NL1BPCABFAADIOigAAP8RzWPAqPLw\/\/\/\/\/+lPGgsAtEETAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSdTKOSe+KWgbLOnD7VGeayoEGWZoEsD4sca\/wwY3AjCiHvJYJj0iyFIY5AGkwfe8iwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LOGTy3AACqVQ=="}
+00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1671220140056610,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220140056610,"pkt":"\/\/\/\/\/\/\/\/OB+NRKrQCABFAADIDqcAAP8R+OrAqPLq\/\/\/\/\/+lPGgsAtMFyAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSjf5jI+ZahFOEpxIFCAf0A7bBstZyi6ash8hmTY3Vvs56j1ADie28crk5u\/i0EjOFwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LYsq+nAACqVQ=="}
+00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1671220140975183,"flow_dst_last_pkt_time":1671220125975231,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220140975183,"pkt":"\/\/\/\/\/\/\/\/zFDjfG95CABFAADYmwkAAP8RbLLAqPKw\/\/\/\/\/8ACGgsAxEVMAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlS8yDwMdWM1\/meOLgwsrh6O+PI8U9Y8I0Dz0fMDXMXU5rgkbjldgKF5RmAPdDV1ikx0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFQO\/LuwAAqlU="}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1671220141924160,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220141924160,"pkt":"\/\/\/\/\/\/\/\/3E8ivUChCABFAADYtT8AAP8RUnfAqPK1\/\/\/\/\/8ACGgsAxHNKAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSV1zhkjZl3eRdq2Gsnt4E\/2UVen4KqM+oJMgVFlInd6Y+HvB9m3ef+vX5p0fD+Q9k0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtjKZQQNXz+SzyWX\/vpkjRbCsiKyHA8wc5AKuAN2eCZhABN47Nf4GoVTyKXyTxy7HF3HJEEQAAqlU="}
+00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1671220142232781,"flow_dst_last_pkt_time":1671220122233112,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220142232781,"pkt":"\/\/\/\/\/\/\/\/zFDjfYg0CABFAADYnJ4AAP8Rax\/AqPKu\/\/\/\/\/8ACGgsAxO3LAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSFfYlH1G2LN5ESu3iOsk3Ky7UyEtONdHDKfascQDozPDRq7Zt\/W\/LeDEdlP2+P7Qj0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFYYN9BwAAqlU="}
+00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1671220142314814,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220142314814,"pkt":"\/\/\/\/\/\/\/\/OB+NRR61CABFAADIzFwAAP8RO1XAqPLK\/\/\/\/\/+lPGgsAtG\/gAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSHMTqwNNUGA7czT6uCApv\/j\/6UO4h02KUhUvW2Kc+3RFFcPRfB2XTEl1kL5pb+8bHwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LYVdtLAACqVQ=="}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1671220142810985,"flow_dst_last_pkt_time":1671220122810608,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220142810985,"pkt":"\/\/\/\/\/\/\/\/LPQyZ9enCABFAADYm0YAAP8RbHTAqPKx\/\/\/\/\/8ACGgsAxA3AAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSZN\/+2hSLPnL3i67TdR2ZlXSsPu2Drr5rFuwR2z69yooeyyuMqkp1qxnc7BEUtu730k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFebDgEQAAqlU="}
+00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1671220142958849,"flow_dst_last_pkt_time":1671220122957955,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220142958849,"pkt":"\/\/\/\/\/\/\/\/zFDjfb0\/CABFAADYn9gAAP8RZ+nAqPKq\/\/\/\/\/8ACGgsAxKY2AABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlScWPfmUhMJB8\/IzAR2HkXGy7UyEtONdHDKfascQDozPBoGRRHfAHay6T39QsPG9vM0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFKltuyQAAqlU="}
+00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1671220143558496,"flow_dst_last_pkt_time":1671220123555105,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220143558496,"pkt":"\/\/\/\/\/\/\/\/aFctaodfCABFAADIJfkAAP8R4c\/AqPKz\/\/\/\/\/8ABGgsAtN67AABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSWqsh94TxQCPE1paVBdoPvO14rcejwUWFd0mqKWficRBfyC9NSZY96521nMivI1+9wtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI2y6vCgACoD\/YfGxi3qvozZY6IGh1fbJUFZD+ebev593O7dXJU7uTd1YK6Q37xF2+Kvm+fmAACqVQ=="}
+00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1671220143572773,"flow_dst_last_pkt_time":1671220123572254,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220143572773,"pkt":"\/\/\/\/\/\/\/\/LPQyFCvqCABFAADYmPYAAP8RbsnAqPKs\/\/\/\/\/8ACGgsAxPKHAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSasQDz6ANMC7nZ1HA08Q8hQuAfkOvcJ5WViXgTo3sWy7jTXpkXmI7TZgucF3sJ1v30k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFVkdexgAAqlU="}
+00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1671220143959924,"flow_dst_last_pkt_time":1671220123958992,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220143959924,"pkt":"\/\/\/\/\/\/\/\/zFDjfYvwCABFAADYmnAAAP8RbUzAqPKv\/\/\/\/\/8ACGgsAxJ0aAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSd65euNtgIkn0OpgBT2EaRy7UyEtONdHDKfascQDozPB7xydBnRSS5snc0MXr0wQJ0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFDsLgSwAAqlU="}
+00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1671220144177286,"flow_dst_last_pkt_time":1671220124174252,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220144177286,"pkt":"\/\/\/\/\/\/\/\/7Pq8r4NBCABFAADYmr0AAP8RbPzAqPKy\/\/\/\/\/8ACGgsAxOsGAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSn+IvluB3D0uEFlifXiYobWUsSM1IwjwUskvGORvmDyNXiA\/HVygqIDZKxSEulA9C0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFVSoUCQAAqlU="}
+00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1671220144896909,"flow_dst_last_pkt_time":1671220124892623,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220144896909,"pkt":"\/\/\/\/\/\/\/\/aFctalfnCABFAADI+oYAAP8RDUHAqPK0\/\/\/\/\/8ABGgsAtKRmAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSeR5YG224uDhEYOrit03hWoptUHDYUy+P2ZSVn5HCciX4nTHq9ElqSa9o6AeoAPLKwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI2y6vCgACoD\/YfGxi3qvozZY6IGh1fbJUFZD+ebev593O7dXJU7uTd1YK6Q37xF2+KtA+YkAACqVQ=="}
+00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1671220144960724,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220144960724,"pkt":"\/\/\/\/\/\/\/\/OB+NL1BPCABFAADIOikAAP8RzWLAqPLw\/\/\/\/\/+lPGgsAtEETAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSdTKOSe+KWgbLOnD7VGeayoEGWZoEsD4sca\/wwY3AjCiHvJYJj0iyFIY5AGkwfe8iwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LOGTy3AACqVQ=="}
+00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1671220145056715,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1671220145056715,"pkt":"\/\/\/\/\/\/\/\/OB+NRKrQCABFAADIDqgAAP8R+OnAqPLq\/\/\/\/\/+lPGgsAtMFyAABVqgAAAAAAAAATAAAAnAAAAACXuT\/uS2nJX+6z0zvaNSlSjf5jI+ZahFOEpxIFCAf0A7bBstZyi6ash8hmTY3Vvs56j1ADie28crk5u\/i0EjOFwtkf6mMrhVfrkYFiwfyWdE3H\/oI+MHkn+wpEsN+uLI3jFZnDFv9l1+FEnNJNLSgZCRRQ1Y+RMRau3w9r\/cpFEO7dXJU7uTd1YK6Q37xF2+LYsq+nAACqVQ=="}
+00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1671220145974258,"flow_dst_last_pkt_time":1671220125975231,"flow_idle_time":200000000,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220145974258,"pkt":"\/\/\/\/\/\/\/\/zFDjfG95CABFAADYmwoAAP8RbLHAqPKw\/\/\/\/\/8ACGgsAxEVMAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlS8yDwMdWM1\/meOLgwsrh6O+PI8U9Y8I0Dz0fMDXMXU5rgkbjldgKF5RmAPdDV1ikx0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtB8LBFSnE3IYADMWsFnE6WSnLbwzz+1\/946WHicqiaCkBN47Nf4GoVTyKXyTxy7HFQO\/LuwAAqlU="}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220124892623,"flow_src_last_pkt_time":1671220154899052,"flow_dst_last_pkt_time":1671220124892623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.180","dst_ip":"255.255.255.255","src_port":49153,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671220123555105,"flow_src_last_pkt_time":1671220158561528,"flow_dst_last_pkt_time":1671220123555105,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.179","dst_ip":"255.255.255.255","src_port":49153,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220124174252,"flow_src_last_pkt_time":1671220154176925,"flow_dst_last_pkt_time":1671220124174252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.178","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220125975231,"flow_src_last_pkt_time":1671220155974612,"flow_dst_last_pkt_time":1671220125975231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.176","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220123958992,"flow_src_last_pkt_time":1671220153962020,"flow_dst_last_pkt_time":1671220123958992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.175","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671220122810608,"flow_src_last_pkt_time":1671220157810801,"flow_dst_last_pkt_time":1671220122810608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.177","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671220123572254,"flow_src_last_pkt_time":1671220158572989,"flow_dst_last_pkt_time":1671220123572254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.172","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671220122957955,"flow_src_last_pkt_time":1671220157958842,"flow_dst_last_pkt_time":1671220122957955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.170","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671220122233112,"flow_src_last_pkt_time":1671220157236172,"flow_dst_last_pkt_time":1671220122233112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.174","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671220121927386,"flow_src_last_pkt_time":1671220156919361,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.181","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220125048168,"flow_src_last_pkt_time":1671220155060818,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.234","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220124943616,"flow_src_last_pkt_time":1671220154967079,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.240","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671220122307161,"flow_src_last_pkt_time":1671220157322347,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.202","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
+00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"tuya_lp.pcap","alias":"nDPId-test","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-payload-len":17832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1671220158572989}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 98/98
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 17832 bytes
+~~ total detected protocols..: 13
+~~ total active/idle flows...: 13/13
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 6440825 bytes
+~~ total memory freed........: 6440825 bytes
+~~ total allocations/frees...: 122663/122663
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 492 chars
+~~ json string max len.......: 964 chars
+~~ json string avg len.......: 727 chars
diff --git a/test/results/ubntac2.pcap.out b/test/results/ubntac2.pcap.out
index 9003f71f1..d55dd04a0 100644
--- a/test/results/ubntac2.pcap.out
+++ b/test/results/ubntac2.pcap.out
@@ -43,9 +43,9 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6424354 bytes
-~~ total memory freed........: 6424354 bytes
-~~ total allocations/frees...: 122513/122513
+~~ total memory allocated....: 6429315 bytes
+~~ total memory freed........: 6429315 bytes
+~~ total allocations/frees...: 122523/122523
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 968 chars
diff --git a/test/results/ultrasurf.pcap.out b/test/results/ultrasurf.pcap.out
index 5407ce0ab..2334a42a4 100644
--- a/test/results/ultrasurf.pcap.out
+++ b/test/results/ultrasurf.pcap.out
@@ -38,9 +38,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6676415 bytes
-~~ total memory freed........: 6676415 bytes
-~~ total allocations/frees...: 130614/130614
+~~ total memory allocated....: 6681336 bytes
+~~ total memory freed........: 6681336 bytes
+~~ total allocations/frees...: 130624/130624
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 4011 chars
diff --git a/test/results/upnp.pcap.out b/test/results/upnp.pcap.out
index 181dadf76..4dac196ea 100644
--- a/test/results/upnp.pcap.out
+++ b/test/results/upnp.pcap.out
@@ -25,9 +25,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413896 bytes
-~~ total memory freed........: 6413896 bytes
-~~ total allocations/frees...: 122459/122459
+~~ total memory allocated....: 6418809 bytes
+~~ total memory freed........: 6418809 bytes
+~~ total allocations/frees...: 122469/122469
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 1381 chars
diff --git a/test/results/viber.pcap.out b/test/results/viber.pcap.out
index 32d78321e..9ddde72d7 100644
--- a/test/results/viber.pcap.out
+++ b/test/results/viber.pcap.out
@@ -179,7 +179,7 @@
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952183563000,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648952183563000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0fqdAAOcGIX40APyRwKgCZBCUvjJ96pBf990TdoAQADWytAAAAQEICudWQAlvD1Fh"}
 00764{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155640080793,"flow_dst_last_pkt_time":1527155640252435,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":366,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":5690,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00943{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640836078,"flow_dst_last_pkt_time":1527155641008759,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":367,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":5441,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00847{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Unrated"}}
+00924{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}}
 00759{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155677861045,"flow_dst_last_pkt_time":1527155677861880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":4027,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670672314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
@@ -206,7 +206,7 @@
 00900{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00750{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641840131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","packets-captured":440,"packets-processed":435,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":1,"total-guessed-flows":3,"total-detected-flows":24,"total-detection-updates":20,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":209,"global_ts_usec":1648954023554000}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","packets-captured":440,"packets-processed":435,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":20,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":209,"global_ts_usec":1648954023554000}
 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023554000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023554000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86GpAAD8GYELAqAJkNAD8AqDgFHo59lPMAAAAAKAC\/\/81EwAAAgQFtAQCCArXUgVsAAAAAAEDAwk="}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023662000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOwGm6w0APwCwKgCZBR6oOA1qzY9OfZTzaASaN\/krwAAAgQFrAQCCApiDhmE11IFbAEDAwk="}
@@ -214,14 +214,14 @@
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":3285032704,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1648954023697000,"pkt":"eJS0JASgYDjgxTWgCABFAABM6GxAAD8GYDDAqAJkNAD8AqDgFHo59lPNNas2PoAYAKwkewAAAQEICtdSBfpiDhmEGAAAAAAA\/P8FgAkAAAAAAAAAAAAzAAAA"}
 00895{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023697000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023803000,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648954023803000,"pkt":"YDjgxTWgeJS0JASgCABFAAA07m1AAOwGrUY0APwCwKgCZBR6oOA1qzY+OfZT5YAQADV67AAAAQEICmIOGhLXUgX6"}
-00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","packets-captured":451,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":1,"total-guessed-flows":3,"total-detected-flows":25,"total-detection-updates":20,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":217,"global_ts_usec":1648968035683000}
+00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","packets-captured":451,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":20,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":217,"global_ts_usec":1648968035683000}
 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":3285032704,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648968035683000,"pkt":"eJS0JASgYDjgxTWgCABFAACU2kpAAD8GpwLAqAJkLMDKSqeUEJTyP2Q6cEHfOoAYAVdrNwAAAQEICphN6aPkLWTjYAAuDuoU\/P8DgFkAGwAAAAAAAAAuDuoUyCWY+Eiv3vNvHuU8izmtmd1xLKgDGQAAAC4GaTctzm2TgBHTuz9kkBDO3BN0gtQM11m3wPtySAu5MwDtuOA\/BIT7TjIAAaAP"}
 00903{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00937{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954024001000,"flow_dst_last_pkt_time":1648954024107000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":516,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952183650000,"flow_dst_last_pkt_time":1648952183755000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":3321,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","packets-captured":451,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":1,"total-guessed-flows":3,"total-detected-flows":26,"total-detection-updates":20,"total-updates":4,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":224,"global_ts_usec":1648968035683000}
+00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","packets-captured":451,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":26,"total-detection-updates":20,"total-updates":4,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":224,"global_ts_usec":1648968035683000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 451/447
 ~~ skipped flows.............: 0
@@ -230,9 +230,9 @@
 ~~ total active/idle flows...: 29/29
 ~~ total timeout flows.......: 3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6635090 bytes
-~~ total memory freed........: 6635090 bytes
-~~ total allocations/frees...: 123250/123250
+~~ total memory allocated....: 6640219 bytes
+~~ total memory freed........: 6640219 bytes
+~~ total allocations/frees...: 123260/123260
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 2445 chars
diff --git a/test/results/vnc.pcap.out b/test/results/vnc.pcap.out
index 658f60955..567c112f4 100644
--- a/test/results/vnc.pcap.out
+++ b/test/results/vnc.pcap.out
@@ -27,9 +27,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6549641 bytes
-~~ total memory freed........: 6549641 bytes
-~~ total allocations/frees...: 127002/127002
+~~ total memory allocated....: 6554554 bytes
+~~ total memory freed........: 6554554 bytes
+~~ total allocations/frees...: 127012/127012
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2368 chars
diff --git a/test/results/vrrp3.pcapng.out b/test/results/vrrp3.pcapng.out
index e93e6fcca..9907fbaba 100644
--- a/test/results/vrrp3.pcapng.out
+++ b/test/results/vrrp3.pcapng.out
@@ -21,9 +21,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413780 bytes
-~~ total memory freed........: 6413780 bytes
-~~ total allocations/frees...: 122455/122455
+~~ total memory allocated....: 6418693 bytes
+~~ total memory freed........: 6418693 bytes
+~~ total allocations/frees...: 122465/122465
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 492 chars
 ~~ json string max len.......: 905 chars
diff --git a/test/results/vxlan.pcap.out b/test/results/vxlan.pcap.out
index 3eed415a4..ca869fc08 100644
--- a/test/results/vxlan.pcap.out
+++ b/test/results/vxlan.pcap.out
@@ -69,9 +69,9 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6429829 bytes
-~~ total memory freed........: 6429829 bytes
-~~ total allocations/frees...: 122651/122651
+~~ total memory allocated....: 6434798 bytes
+~~ total memory freed........: 6434798 bytes
+~~ total allocations/frees...: 122661/122661
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 2462 chars
diff --git a/test/results/wa_video.pcap.out b/test/results/wa_video.pcap.out
index 3e0111fc3..7f8eeb874 100644
--- a/test/results/wa_video.pcap.out
+++ b/test/results/wa_video.pcap.out
@@ -104,9 +104,9 @@
 ~~ total active/idle flows...: 14/14
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6482469 bytes
-~~ total memory freed........: 6482469 bytes
-~~ total allocations/frees...: 124141/124141
+~~ total memory allocated....: 6487478 bytes
+~~ total memory freed........: 6487478 bytes
+~~ total allocations/frees...: 124151/124151
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2403 chars
diff --git a/test/results/wa_voice.pcap.out b/test/results/wa_voice.pcap.out
index 427451e0d..d2cf1af1f 100644
--- a/test/results/wa_voice.pcap.out
+++ b/test/results/wa_voice.pcap.out
@@ -213,9 +213,9 @@
 ~~ total active/idle flows...: 28/28
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6495840 bytes
-~~ total memory freed........: 6495840 bytes
-~~ total allocations/frees...: 123468/123468
+~~ total memory allocated....: 6500961 bytes
+~~ total memory freed........: 6500961 bytes
+~~ total allocations/frees...: 123478/123478
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 486 chars
 ~~ json string max len.......: 2463 chars
diff --git a/test/results/waze.pcap.out b/test/results/waze.pcap.out
index eafbf829f..53174a4c0 100644
--- a/test/results/waze.pcap.out
+++ b/test/results/waze.pcap.out
@@ -297,9 +297,9 @@
 ~~ total active/idle flows...: 33/33
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6779107 bytes
-~~ total memory freed........: 6779107 bytes
-~~ total allocations/frees...: 123532/123532
+~~ total memory allocated....: 6784286 bytes
+~~ total memory freed........: 6784286 bytes
+~~ total allocations/frees...: 123544/123544
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 489 chars
 ~~ json string max len.......: 2440 chars
diff --git a/test/results/webex.pcap.out b/test/results/webex.pcap.out
index 78880891a..82e3e2b91 100644
--- a/test/results/webex.pcap.out
+++ b/test/results/webex.pcap.out
@@ -506,9 +506,9 @@
 ~~ total active/idle flows...: 57/57
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6936206 bytes
-~~ total memory freed........: 6936206 bytes
-~~ total allocations/frees...: 124973/124973
+~~ total memory allocated....: 6941583 bytes
+~~ total memory freed........: 6941583 bytes
+~~ total allocations/frees...: 124985/124985
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2441 chars
diff --git a/test/results/websocket.pcap.out b/test/results/websocket.pcap.out
index ed004eaee..bf6be97cb 100644
--- a/test/results/websocket.pcap.out
+++ b/test/results/websocket.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413939 bytes
-~~ total memory freed........: 6413939 bytes
-~~ total allocations/frees...: 122442/122442
+~~ total memory allocated....: 6418844 bytes
+~~ total memory freed........: 6418844 bytes
+~~ total allocations/frees...: 122452/122452
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 957 chars
diff --git a/test/results/wechat.pcap.out b/test/results/wechat.pcap.out
index 70d03765d..0f627849e 100644
--- a/test/results/wechat.pcap.out
+++ b/test/results/wechat.pcap.out
@@ -891,9 +891,9 @@
 ~~ total active/idle flows...: 109/109
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7112405 bytes
-~~ total memory freed........: 7112405 bytes
-~~ total allocations/frees...: 125915/125915
+~~ total memory allocated....: 7118174 bytes
+~~ total memory freed........: 7118174 bytes
+~~ total allocations/frees...: 125925/125925
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 2313 chars
diff --git a/test/results/weibo.pcap.out b/test/results/weibo.pcap.out
index efca478ad..f93f67078 100644
--- a/test/results/weibo.pcap.out
+++ b/test/results/weibo.pcap.out
@@ -68,7 +68,7 @@
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072333305,"flow_idle_time":200000000,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1463089072333305,"pkt":"kDVu60UQeJKcD6iOCABFAAA9J7BAAEARj0XAqAFpwKgBAdEnADUAKd+0rc0BAAABAAAAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQAB"}
 01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072333305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072333305,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"img.t.sinajs.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072444805,"flow_idle_time":200000000,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1463089072444805,"pkt":"eJKcD6iOkDVu60UQCABFAACxAABAAEARtoHAqAEBwKgBaQA10ScAnYbirc2BgAABAAUAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQABwAwABQABAAAAAAAHBHdjZG7AEsAtAAUAAQAAACoAFQZzaW5hanMFY3NnbGIFdHhjZG7AGcBAAAUAAQAABBMAFAhuNGNzd2hrMwVnY2NkbgNuZXQAwGEAAQABAAAABAAEXbyG9sBhAAEAAQAAAAQABF28hvE="}
-01189{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072444805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1463089072444805,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"img.t.sinajs.cn","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}}
+01062{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072444805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1463089072444805,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"img.t.sinajs.cn","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}}
 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089072445019,"flow_src_last_pkt_time":1463089072445019,"flow_dst_last_pkt_time":1463089072445019,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072445019,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1463089072445019,"flow_dst_last_pkt_time":1463089072445019,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089072445019,"pkt":"kDVu60UQeJKcD6iOCABFAAA8AXdAAEAGkoHAqAFpXbyG9ovbAFCLeghvAAAAAKACchAFvgAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="}
 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089072445053,"flow_src_last_pkt_time":1463089072445053,"flow_dst_last_pkt_time":1463089072445053,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072445053,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -237,7 +237,7 @@
 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073760724,"flow_src_last_pkt_time":1463089073760724,"flow_dst_last_pkt_time":1463089073760724,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00900{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073788865,"flow_src_last_pkt_time":1463089073788865,"flow_dst_last_pkt_time":1463089073788865,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073788865,"flow_src_last_pkt_time":1463089073788865,"flow_dst_last_pkt_time":1463089073788865,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072444805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
+00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072444805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072885992,"flow_src_last_pkt_time":1463089072885992,"flow_dst_last_pkt_time":1463089073423772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":148,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073424254,"flow_src_last_pkt_time":1463089073424254,"flow_dst_last_pkt_time":1463089073424254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00901{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072046092,"flow_src_last_pkt_time":1463089072046092,"flow_dst_last_pkt_time":1463089072070732,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -250,7 +250,7 @@
 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073537924,"flow_src_last_pkt_time":1463089073537924,"flow_dst_last_pkt_time":1463089073537924,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00951{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071551377,"flow_src_last_pkt_time":1463089071551377,"flow_dst_last_pkt_time":1463089071612902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089073289058,"flow_src_last_pkt_time":1463089073289058,"flow_dst_last_pkt_time":1463089073763925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00850{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089068490775,"flow_dst_last_pkt_time":1463089068491086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":618,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Unrated"}}
+00927{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089068490775,"flow_dst_last_pkt_time":1463089068491086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":618,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}}
 00762{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089068490775,"flow_dst_last_pkt_time":1463089068491086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":618,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00942{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089070841932,"flow_src_last_pkt_time":1463089071547268,"flow_dst_last_pkt_time":1463089071891757,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":635,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":635,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00930{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463089070841976,"flow_src_last_pkt_time":1463089071198637,"flow_dst_last_pkt_time":1463089071198585,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
@@ -259,13 +259,13 @@
 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463089071008468,"flow_src_last_pkt_time":1463089071348686,"flow_dst_last_pkt_time":1463089071348610,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00901{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071046082,"flow_src_last_pkt_time":1463089071046082,"flow_dst_last_pkt_time":1463089071094149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071046082,"flow_src_last_pkt_time":1463089071046082,"flow_dst_last_pkt_time":1463089071094149,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00851{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1463089070755684,"flow_src_last_pkt_time":1463089072356956,"flow_dst_last_pkt_time":1463089072331449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":621,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Unrated"}}
+00928{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1463089070755684,"flow_src_last_pkt_time":1463089072356956,"flow_dst_last_pkt_time":1463089072331449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":621,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}}
 00763{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1463089070755684,"flow_src_last_pkt_time":1463089072356956,"flow_dst_last_pkt_time":1463089072331449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":621,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073479208,"flow_src_last_pkt_time":1463089073479208,"flow_dst_last_pkt_time":1463089073479208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":39,"flow_first_seen":1463089071613246,"flow_src_last_pkt_time":1463089072438109,"flow_dst_last_pkt_time":1463089072438075,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":2872,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":31448,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089073287324,"flow_src_last_pkt_time":1463089073287324,"flow_dst_last_pkt_time":1463089073760507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":115,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073394448,"flow_src_last_pkt_time":1463089073394448,"flow_dst_last_pkt_time":1463089073394448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":2,"total-guessed-flows":19,"total-detected-flows":23,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":268,"global_ts_usec":1463089073893914}
+00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":268,"global_ts_usec":1463089073893914}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 498/498
 ~~ skipped flows.............: 0
@@ -274,9 +274,9 @@
 ~~ total active/idle flows...: 44/44
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6507862 bytes
-~~ total memory freed........: 6507862 bytes
-~~ total allocations/frees...: 123466/123466
+~~ total memory allocated....: 6513184 bytes
+~~ total memory freed........: 6513184 bytes
+~~ total allocations/frees...: 123483/123483
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 2201 chars
diff --git a/test/results/whatsapp.pcap.out b/test/results/whatsapp.pcap.out
index 3013e3d15..454e367d3 100644
--- a/test/results/whatsapp.pcap.out
+++ b/test/results/whatsapp.pcap.out
@@ -757,9 +757,9 @@
 ~~ total active/idle flows...: 86/86
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6760565 bytes
-~~ total memory freed........: 6760565 bytes
-~~ total allocations/frees...: 124136/124136
+~~ total memory allocated....: 6766150 bytes
+~~ total memory freed........: 6766150 bytes
+~~ total allocations/frees...: 124146/124146
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 493 chars
 ~~ json string max len.......: 2225 chars
diff --git a/test/results/whatsapp_login_call.pcap.out b/test/results/whatsapp_login_call.pcap.out
index 580677bbf..1cfb274c1 100644
--- a/test/results/whatsapp_login_call.pcap.out
+++ b/test/results/whatsapp_login_call.pcap.out
@@ -467,9 +467,9 @@
 ~~ total active/idle flows...: 57/57
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6583507 bytes
-~~ total memory freed........: 6583507 bytes
-~~ total allocations/frees...: 124317/124317
+~~ total memory allocated....: 6588860 bytes
+~~ total memory freed........: 6588860 bytes
+~~ total allocations/frees...: 124327/124327
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 504 chars
 ~~ json string max len.......: 2475 chars
diff --git a/test/results/whatsapp_login_chat.pcap.out b/test/results/whatsapp_login_chat.pcap.out
index 969fd7cdc..1a2e80784 100644
--- a/test/results/whatsapp_login_chat.pcap.out
+++ b/test/results/whatsapp_login_chat.pcap.out
@@ -65,9 +65,9 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6436895 bytes
-~~ total memory freed........: 6436895 bytes
-~~ total allocations/frees...: 122616/122616
+~~ total memory allocated....: 6441864 bytes
+~~ total memory freed........: 6441864 bytes
+~~ total allocations/frees...: 122626/122626
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 504 chars
 ~~ json string max len.......: 2458 chars
diff --git a/test/results/whatsapp_voice_and_message.pcap.out b/test/results/whatsapp_voice_and_message.pcap.out
index 8ae82461c..eaf7fafd3 100644
--- a/test/results/whatsapp_voice_and_message.pcap.out
+++ b/test/results/whatsapp_voice_and_message.pcap.out
@@ -132,9 +132,9 @@
 ~~ total active/idle flows...: 13/13
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6451155 bytes
-~~ total memory freed........: 6451155 bytes
-~~ total allocations/frees...: 122834/122834
+~~ total memory allocated....: 6456156 bytes
+~~ total memory freed........: 6456156 bytes
+~~ total allocations/frees...: 122844/122844
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 510 chars
 ~~ json string max len.......: 2194 chars
diff --git a/test/results/whatsappfiles.pcap.out b/test/results/whatsappfiles.pcap.out
index f8c3318d5..f296f7e40 100644
--- a/test/results/whatsappfiles.pcap.out
+++ b/test/results/whatsappfiles.pcap.out
@@ -30,9 +30,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6446173 bytes
-~~ total memory freed........: 6446173 bytes
-~~ total allocations/frees...: 123085/123085
+~~ total memory allocated....: 6451086 bytes
+~~ total memory freed........: 6451086 bytes
+~~ total allocations/frees...: 123095/123095
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2185 chars
diff --git a/test/results/whois.pcapng.out b/test/results/whois.pcapng.out
index 0a2137250..ef4386d59 100644
--- a/test/results/whois.pcapng.out
+++ b/test/results/whois.pcapng.out
@@ -36,9 +36,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6422261 bytes
-~~ total memory freed........: 6422261 bytes
-~~ total allocations/frees...: 122489/122489
+~~ total memory allocated....: 6427182 bytes
+~~ total memory freed........: 6427182 bytes
+~~ total allocations/frees...: 122499/122499
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 2107 chars
diff --git a/test/results/windowsupdate_over_http.pcap.out b/test/results/windowsupdate_over_http.pcap.out
index e97588e4f..75d73c617 100644
--- a/test/results/windowsupdate_over_http.pcap.out
+++ b/test/results/windowsupdate_over_http.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6413219 bytes
-~~ total memory freed........: 6413219 bytes
-~~ total allocations/frees...: 122471/122471
+~~ total memory allocated....: 6418130 bytes
+~~ total memory freed........: 6418130 bytes
+~~ total allocations/frees...: 122482/122482
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 483 chars
 ~~ json string max len.......: 1582 chars
diff --git a/test/results/wireguard.pcap.out b/test/results/wireguard.pcap.out
index 15cdd016f..49870d0fb 100644
--- a/test/results/wireguard.pcap.out
+++ b/test/results/wireguard.pcap.out
@@ -25,9 +25,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6481317 bytes
-~~ total memory freed........: 6481317 bytes
-~~ total allocations/frees...: 124835/124835
+~~ total memory allocated....: 6486222 bytes
+~~ total memory freed........: 6486222 bytes
+~~ total allocations/frees...: 124845/124845
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 494 chars
 ~~ json string max len.......: 2199 chars
diff --git a/test/results/wow.pcap.out b/test/results/wow.pcap.out
index d2908d459..64480aed4 100644
--- a/test/results/wow.pcap.out
+++ b/test/results/wow.pcap.out
@@ -14,6 +14,8 @@
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1437858769673368,"flow_dst_last_pkt_time":1437858769673283,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1437858769673368,"pkt":"JGUR0Ik6JGURQGHhCABFAAAoGJdAAIAGOf7AqLIUGGkdFZmQAFAEh98dl7X8nlAQQjCzjwAA"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1437858769673474,"flow_dst_last_pkt_time":1437858769673283,"flow_idle_time":3285032704,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1437858769673474,"pkt":"JGUR0Ik6JGURQGHhCABFAAAoGJdAAIAGOf7AqLIUGGkdFZmQAFAEh98dl7X8nlAQQjCzjwAA"}
 01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1437858769451846,"flow_src_last_pkt_time":1437858769820537,"flow_dst_last_pkt_time":1437858769673283,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437858769820537,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game","hostname":"launcher.worldofwarcraft.com","http": {"url":"launcher.worldofwarcraft.com\/alert","code":0,"content_type":"","user_agent":""}}}
+01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1437858769436349,"flow_src_last_pkt_time":1437858769651284,"flow_dst_last_pkt_time":1437858770247503,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":273,"midstream":0,"thread_ts_usec":1437858770247503,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game","hostname":"us.scan.worldofwarcraft.com","http": {"url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":200,"content_type":"text\/plain","user_agent":""}}}
+01206{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":3,"flow_first_seen":1437858769451846,"flow_src_last_pkt_time":1437858769820629,"flow_dst_last_pkt_time":1437858771481584,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":544,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":544,"midstream":0,"thread_ts_usec":1437858771481584,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game","hostname":"launcher.worldofwarcraft.com","http": {"url":"launcher.worldofwarcraft.com\/alert","code":200,"content_type":"text\/plain","user_agent":""}}}
 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437858780584251,"flow_src_last_pkt_time":1437858780584251,"flow_dst_last_pkt_time":1437858780584251,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437858780584251,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1437858780584251,"flow_dst_last_pkt_time":1437858780584251,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437858780584251,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GOFAAIAGfgPAqLIUDIHkmZmhDoyszXMNAAAAAKACIAAeTgAAAgQFtAEDAwIEAggKACndrQAAAAA="}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1437858780584629,"flow_dst_last_pkt_time":1437858780584251,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437858780584629,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GOFAAIAGfgPAqLIUDIHkmZmhDoyszXMNAAAAAKACIAAeTgAAAgQFtAEDAwIEAggKACndrQAAAAA="}
@@ -28,7 +30,7 @@
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1437858849702632,"flow_dst_last_pkt_time":1437858849702534,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437858849702632,"pkt":"JGUR0Ik6JGURQGHhCABFAAA0GWZAAIAGfYbAqLIUDIHkmZnEDowRX7J8ZKojs4AQEGhlVQAAAQEICgAp+K1Cum0N"}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1437858849702756,"flow_dst_last_pkt_time":1437858849702534,"flow_idle_time":3285032704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437858849702756,"pkt":"JGUR0Ik6JGURQGHhCABFAAA0GWZAAIAGfYbAqLIUDIHkmZnEDowRX7J8ZKojs4AQEGhlVQAAAQEICgAp+K1Cum0N"}
 00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1437858849489494,"flow_src_last_pkt_time":1437858849702756,"flow_dst_last_pkt_time":1437858849924849,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":50,"midstream":0,"thread_ts_usec":1437858849924849,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","packets-captured":83,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":4309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1437859397750241}
+00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","packets-captured":83,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":4309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1437859397750241}
 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437859397750241,"flow_src_last_pkt_time":1437859397750241,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437859397750241,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1437859397750241,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437859397750241,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1437859397750308,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":3285032704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437859397750308,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="}
@@ -39,9 +41,9 @@
 00951{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1437858780584251,"flow_src_last_pkt_time":1437858781945900,"flow_dst_last_pkt_time":1437858782413909,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":401,"flow_src_tot_l4_payload_len":2112,"flow_dst_tot_l4_payload_len":494,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":5,"flow_first_seen":1437858849489494,"flow_src_last_pkt_time":1437858850365838,"flow_dst_last_pkt_time":1437858850365461,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1437859397750241,"flow_src_last_pkt_time":1437859398404065,"flow_dst_last_pkt_time":1437859398661830,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":93,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00952{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1437858769436349,"flow_src_last_pkt_time":1437858780442418,"flow_dst_last_pkt_time":1437858780442307,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":546,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00955{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1437858769451846,"flow_src_last_pkt_time":1437858780577538,"flow_dst_last_pkt_time":1437858780577426,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":544,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":544,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":4586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1437859398661830}
+01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1437858769436349,"flow_src_last_pkt_time":1437858780442418,"flow_dst_last_pkt_time":1437858780442307,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":546,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
+01085{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1437858769451846,"flow_src_last_pkt_time":1437858780577538,"flow_dst_last_pkt_time":1437858780577426,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":544,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":544,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
+00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":4586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1437859398661830}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 95/95
 ~~ skipped flows.............: 0
@@ -50,10 +52,10 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6428119 bytes
-~~ total memory freed........: 6428119 bytes
-~~ total allocations/frees...: 122588/122588
+~~ total memory allocated....: 6433141 bytes
+~~ total memory freed........: 6433141 bytes
+~~ total allocations/frees...: 122602/122602
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
-~~ json string max len.......: 1064 chars
-~~ json string avg len.......: 775 chars
+~~ json string max len.......: 1221 chars
+~~ json string avg len.......: 853 chars
diff --git a/test/results/xdmcp.pcap.out b/test/results/xdmcp.pcap.out
index a157c0c26..585c0c4c5 100644
--- a/test/results/xdmcp.pcap.out
+++ b/test/results/xdmcp.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6411920 bytes
-~~ total memory freed........: 6411920 bytes
-~~ total allocations/frees...: 122442/122442
+~~ total memory allocated....: 6416825 bytes
+~~ total memory freed........: 6416825 bytes
+~~ total allocations/frees...: 122452/122452
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 945 chars
diff --git a/test/results/xiaomi.pcap.out b/test/results/xiaomi.pcap.out
index 42c102454..456d515b8 100644
--- a/test/results/xiaomi.pcap.out
+++ b/test/results/xiaomi.pcap.out
@@ -64,9 +64,9 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6436989 bytes
-~~ total memory freed........: 6436989 bytes
-~~ total allocations/frees...: 122576/122576
+~~ total memory allocated....: 6441942 bytes
+~~ total memory freed........: 6441942 bytes
+~~ total allocations/frees...: 122586/122586
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 1797 chars
diff --git a/test/results/xss.pcap.out b/test/results/xss.pcap.out
index 77c17de63..b016e5112 100644
--- a/test/results/xss.pcap.out
+++ b/test/results/xss.pcap.out
@@ -23,9 +23,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6414203 bytes
-~~ total memory freed........: 6414203 bytes
-~~ total allocations/frees...: 122465/122465
+~~ total memory allocated....: 6419139 bytes
+~~ total memory freed........: 6419139 bytes
+~~ total allocations/frees...: 122476/122476
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 488 chars
 ~~ json string max len.......: 1351 chars
diff --git a/test/results/youtube_quic.pcap.out b/test/results/youtube_quic.pcap.out
index 62747e60f..c7fc80d76 100644
--- a/test/results/youtube_quic.pcap.out
+++ b/test/results/youtube_quic.pcap.out
@@ -34,9 +34,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6423871 bytes
-~~ total memory freed........: 6423871 bytes
-~~ total allocations/frees...: 122750/122750
+~~ total memory allocated....: 6428792 bytes
+~~ total memory freed........: 6428792 bytes
+~~ total allocations/frees...: 122760/122760
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 497 chars
 ~~ json string max len.......: 2312 chars
diff --git a/test/results/youtubeupload.pcap.out b/test/results/youtubeupload.pcap.out
index 4b4aebcc3..c0fffcf46 100644
--- a/test/results/youtubeupload.pcap.out
+++ b/test/results/youtubeupload.pcap.out
@@ -36,9 +36,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6431778 bytes
-~~ total memory freed........: 6431778 bytes
-~~ total allocations/frees...: 122618/122618
+~~ total memory allocated....: 6436699 bytes
+~~ total memory freed........: 6436699 bytes
+~~ total allocations/frees...: 122628/122628
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 498 chars
 ~~ json string max len.......: 2317 chars
diff --git a/test/results/z3950.pcapng.out b/test/results/z3950.pcapng.out
index 1d1085e83..510ce2065 100644
--- a/test/results/z3950.pcapng.out
+++ b/test/results/z3950.pcapng.out
@@ -26,9 +26,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418541 bytes
-~~ total memory freed........: 6418541 bytes
-~~ total allocations/frees...: 122480/122480
+~~ total memory allocated....: 6423454 bytes
+~~ total memory freed........: 6423454 bytes
+~~ total allocations/frees...: 122490/122490
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 1089 chars
diff --git a/test/results/zabbix.pcap.out b/test/results/zabbix.pcap.out
index 4644a39bf..267e61970 100644
--- a/test/results/zabbix.pcap.out
+++ b/test/results/zabbix.pcap.out
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6412036 bytes
-~~ total memory freed........: 6412036 bytes
-~~ total allocations/frees...: 122446/122446
+~~ total memory allocated....: 6416941 bytes
+~~ total memory freed........: 6416941 bytes
+~~ total allocations/frees...: 122456/122456
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 954 chars
diff --git a/test/results/zattoo.pcap.out b/test/results/zattoo.pcap.out
index 35a9a3e0b..388158bd0 100644
--- a/test/results/zattoo.pcap.out
+++ b/test/results/zattoo.pcap.out
@@ -26,9 +26,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6418953 bytes
-~~ total memory freed........: 6418953 bytes
-~~ total allocations/frees...: 122489/122489
+~~ total memory allocated....: 6423866 bytes
+~~ total memory freed........: 6423866 bytes
+~~ total allocations/frees...: 122499/122499
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 491 chars
 ~~ json string max len.......: 1944 chars
diff --git a/test/results/zcash.pcap.out b/test/results/zcash.pcap.out
index 3f878a907..22f9df587 100644
--- a/test/results/zcash.pcap.out
+++ b/test/results/zcash.pcap.out
@@ -19,9 +19,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6417999 bytes
-~~ total memory freed........: 6417999 bytes
-~~ total allocations/frees...: 122582/122582
+~~ total memory allocated....: 6422904 bytes
+~~ total memory freed........: 6422904 bytes
+~~ total allocations/frees...: 122592/122592
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 2451 chars
diff --git a/test/results/zoom.pcap.out b/test/results/zoom.pcap.out
index e96d30440..3cee7308d 100644
--- a/test/results/zoom.pcap.out
+++ b/test/results/zoom.pcap.out
@@ -52,22 +52,22 @@
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469116573,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoaEVAAO8G\/tUN4VS2wKgBdQG71g5UB27VAAAAAFAEAADwhQAAAAAAAAAA"}
 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469189810,"pkt":"EBMx8Tl2KDc3AG3ICABFAABICu4AAEAR5YzAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":0}}}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469198772,"flow_idle_time":3285032704,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469198772,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAomZxAAO4GvV00yj7uwKgBdQG71lCVbT6Vn9byIVAQAAc78QAAAAAAAAAA"}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469200030,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469200030,"pkt":"EBMx8Tl2KDc3AG3ICABFAABISukAAEARpZHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
 01158{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469200490,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520469200490,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1"}}}
 01482{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469200897,"flow_dst_last_pkt_time":1569520469201006,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5608,"midstream":0,"thread_ts_usec":1569520469201006,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","advertised_alpns":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469210161,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIjkkAAEARYjHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
-00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469210161,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}}
 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469221116,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI9l0AAEAR+RzAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469231500,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469231500,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIQ9kAAEARq6HAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469242043,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469242043,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIKAsAAEARx2\/AqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
-00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469242043,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469242043,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}}
 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469253995,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469253995,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI+hMAAEAR9WbAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+01127{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469253995,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469264582,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469264582,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIADMAAEAR70fAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469274880,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469274880,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIzF0AAEARIx3AqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
-01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469274880,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469274880,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}}
 00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469340783,"flow_dst_last_pkt_time":1569520469340783,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":263,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520469340783,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469340783,"flow_dst_last_pkt_time":1569520469340783,"flow_idle_time":3285032704,"pkt_caplen":329,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":329,"pkt_l4_len":295,"thread_ts_usec":1569520469340783,"pkt":"EBMx8Tl2KDc3AG3ICABFAAE7AABAAEAGza7AqAF1aMdBKtJrAFCnuOoZVolcQYAYEADYHwAAAQEICiWc2yOz1c0BjkVSpFLY1xT06OSrjoriJgcfK\/\/jFeJ0MBFnTs\/gjSBBTilLonupmCKu9pPH3O3kr0WdmS15RGnoT780kKdV0pI3Sc4BmoL3SDuD+4AKh61lYz9\/Fy+NoN7yg5wYBt1EyrpPMLbLqHBNHL\/bSEl7ELs0VVSBp\/yK5KmmCJ9NxlFB5OhyVsIKKMN16tHZjCMzvfXD8zzASLDMp2Jgo7P\/WwPcHOM+42RSXjbuLZ5ok2AmF+hLRIKzRuPPREeQ7vQwmpDzjOHW9Sf++k9YwzgVZySXAtDkgpGRg+YDLvXpKGuHNj5xgws4SOHXAFvt3QGUXS4yo6IYy8o0BGkEyJuTk1MEHV6JN74="}
 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469341987,"flow_src_last_pkt_time":1569520469341987,"flow_dst_last_pkt_time":1569520469341987,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1368,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520469341987,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -227,9 +227,9 @@
 00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469430881,"flow_dst_last_pkt_time":1569520469430777,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":758,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1466,"flow_dst_tot_l4_payload_len":5833,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00768{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470454378,"flow_dst_last_pkt_time":1569520470449389,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1614,"flow_dst_tot_l4_payload_len":15671,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1569520470022260,"flow_src_last_pkt_time":1569520470628076,"flow_dst_last_pkt_time":1569520470618526,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":810,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2209,"flow_dst_tot_l4_payload_len":17680,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469242043,"flow_dst_last_pkt_time":1569520469399008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469375868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01078{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469274880,"flow_dst_last_pkt_time":1569520469433682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469242043,"flow_dst_last_pkt_time":1569520469399008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469375868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469274880,"flow_dst_last_pkt_time":1569520469433682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466209429,"flow_src_last_pkt_time":1569520466209429,"flow_dst_last_pkt_time":1569520466209429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520470666966,"flow_src_last_pkt_time":1569520470666966,"flow_dst_last_pkt_time":1569520470666966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
 01208{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1569520466316930,"flow_src_last_pkt_time":1569520471535462,"flow_dst_last_pkt_time":1569520471572328,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":866,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1526,"flow_dst_tot_l4_payload_len":1399,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -256,9 +256,9 @@
 ~~ total active/idle flows...: 33/33
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6724816 bytes
-~~ total memory freed........: 6724816 bytes
-~~ total allocations/frees...: 123581/123581
+~~ total memory allocated....: 6729977 bytes
+~~ total memory freed........: 6729977 bytes
+~~ total allocations/frees...: 123591/123591
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 290 chars
 ~~ json string max len.......: 2366 chars
diff --git a/test/results/zoom2.pcap.out b/test/results/zoom2.pcap.out
index a16a0c09b..f5e08f855 100644
--- a/test/results/zoom2.pcap.out
+++ b/test/results/zoom2.pcap.out
@@ -16,9 +16,8 @@
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1642965459696999,"flow_dst_last_pkt_time":1642965459762205,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1642965459762205,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvJFAADER8FuQw0mawKgBsiJh7O0ANHLoAgADyErEUocYzaK4R3obiZ8zgwBPg3gAb2E\/AAAAAAAAAAAAQABAAAPgAwA="}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1642965459696999,"flow_dst_last_pkt_time":1642965459762232,"flow_idle_time":200000000,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1642965459762232,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAqvJJAADER8HiQw0mawKgBsiJh7O0AFmLaAwAAAAFc+wAqAE+DeAAAAAAA"}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1642965459769989,"flow_dst_last_pkt_time":1642965459762232,"flow_idle_time":200000000,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1642965459769989,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcd0QAAEARZlXAqAGykMNJmuztImEAiG5YBQAAAE+DeAAMAQ2nookzBUj9tVbF0Qt46QgBAAgBAwAAAAAAAAADAAAAFmRhdGFfYmluZF9yZXBsYWNlX2ZsYWcCAAAAAQAAAARtYzM1AQAgWgPeedk60Fm5ZdBE\/G0z\/60aAFtvh69s2u5YncBkBAwAAAAEbWMzNgMAAAAAAAE="}
-01998{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459884168,"flow_dst_last_pkt_time":1642965460094905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":21016,"midstream":0,"thread_ts_usec":1642965460094905,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":21,"avg":25414.0,"max":166585,"stddev":40490.2,"var":1639456256.0,"ent":3.6,"data": [101379,166585,27,72990,12330,100439,29,101849,72959,11921,4860,10860,10480,10129,246,9160,10351,10320,11352,21,292,9440,8565,5418,4862,82,10799,10006,10476,9401,205]},"pktlen": {"min":46,"avg":704.7,"max":1064,"stddev":464.6,"var":215864.3,"ent":4.6,"data": [151,151,72,46,156,156,72,46,156,88,88,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,88,1064,1064,1064,1064,1064,1064,1064]},"bins": {"c_to_s": [0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [5.840515137,5.848702431,4.861306667,4.234366894,5.447824001,5.554306984,4.833528996,4.321323395,5.629264832,4.681292534,4.672410965,0.559972763,0.556576610,0.564253807,0.560080409,0.590531707,0.561960101,0.563839793,0.561959982,0.563839793,0.597341061,0.588497758,0.561959982,0.561959982,4.750781059,0.551231861,0.590992451,0.553111553,0.553111553,0.561959982,0.561959982,0.599220753]}}
-00930{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459884168,"flow_dst_last_pkt_time":1642965460094905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":21016,"midstream":0,"thread_ts_usec":1642965460094905,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459884168,"flow_dst_last_pkt_time":1642965460094905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":21016,"midstream":0,"thread_ts_usec":1642965460094905,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459769989,"flow_dst_last_pkt_time":1642965459762232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":374,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1642965459769989,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP.Zoom","proto_id":"87.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459884168,"flow_dst_last_pkt_time":1642965460094905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":21016,"midstream":0,"thread_ts_usec":1642965460094905,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":21,"avg":25414.0,"max":166585,"stddev":40490.2,"var":1639456256.0,"ent":3.6,"data": [101379,166585,27,72990,12330,100439,29,101849,72959,11921,4860,10860,10480,10129,246,9160,10351,10320,11352,21,292,9440,8565,5418,4862,82,10799,10006,10476,9401,205]},"pktlen": {"min":46,"avg":704.7,"max":1064,"stddev":464.6,"var":215864.3,"ent":4.6,"data": [151,151,72,46,156,156,72,46,156,88,88,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,88,1064,1064,1064,1064,1064,1064,1064]},"bins": {"c_to_s": [0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [5.840515137,5.848702431,4.861306667,4.234366894,5.447824001,5.554306984,4.833528996,4.321323395,5.629264832,4.681292534,4.672410965,0.559972763,0.556576610,0.564253807,0.560080409,0.590531707,0.561960101,0.563839793,0.561959982,0.563839793,0.597341061,0.588497758,0.561959982,0.561959982,4.750781059,0.551231861,0.590992451,0.553111553,0.553111553,0.561959982,0.561959982,0.599220753]},"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP.Zoom","proto_id":"87.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
 00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460219455,"flow_dst_last_pkt_time":1642965460219455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965460219455,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1642965460219455,"flow_dst_last_pkt_time":1642965460219455,"flow_idle_time":200000000,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1642965460219455,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXHkIAAEARv1zAqAGykMNJmuMFImEAg0sbAQADlUCX4nL8uBw5x1bMJMqfpQAAAAAAAAACAG9jrwBvY68AAABAl22YpdImmjxXhx5z1M7uHC\/xx4xLX\/xo6rKtN3WTuu3glztmqi13Dg3+OBrijJCCvcHGEhZr6j9A\/GzgvpreMAAAAAAAQABAAAB1MAABAAMAAiAA"}
 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1642965460317924,"flow_dst_last_pkt_time":1642965460219455,"flow_idle_time":200000000,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1642965460317924,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXuuwAAEARIrLAqAGykMNJmuMFImEAg\/g7AQADlUCX4nL8uBw5x1bMJMqfpQAAAAAAAAACAG9kEQBvZBEAAABAYCF6J0n\/WNesLuhly3GilJRpD8dJ+KbseJYiXUvXdBy1BvwwVV6C\/wnkDo4q0xg18raEv1VcZUiYfPp+4+eDYQAAAAAAQABAAAB1MAABAAMAAiAA"}
@@ -27,40 +26,38 @@
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1642965460317924,"flow_dst_last_pkt_time":1642965460395901,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1642965460395901,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvbFAADER7zuQw0mawKgBsiJh4wUANKrxAgADlUCX4nL8uBw5x1bMJMqfpQBPg3kAb2OvAAAAAAAAAAAAQABAAAPgAwA="}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1642965460317924,"flow_dst_last_pkt_time":1642965460396025,"flow_idle_time":200000000,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1642965460396025,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAqvbJAADER71iQw0mawKgBsiJh4wUAFv+\/AwAAAAFc+wKWAE+DeQAAAAAA"}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1642965460403415,"flow_dst_last_pkt_time":1642965460396025,"flow_idle_time":200000000,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1642965460403415,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcY2IAAEARejfAqAGykMNJmuMFImEAiGKdBQAAAE+DeQAMAQ2nookzBUj9tVbF0Qt46QgBAAgCAQAAAAAAAAADAAAAFmRhdGFfYmluZF9yZXBsYWNlX2ZsYWcCAAAAAQAAAARtYzM1AQAgS7PT15CKVj6sghKYJ4Yp6vjpqRtMArsP8PTUh\/0sgAYAAAAEbWMzNgMAAAAAAAE="}
+00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460403415,"flow_dst_last_pkt_time":1642965460396025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":374,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1642965460403415,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP.Zoom","proto_id":"87.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1642965460461401,"flow_dst_last_pkt_time":1642965460359314,"flow_idle_time":200000000,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1642965460461401,"pkt":"EBMx8Tl2KDc3AG3ICABFAACZ6kAAAEAR81vAqAGykMNJmuJhImEAhaEiAQADwkJYttycXaTnsMPEsai0ugAAAAAAAAACAG9koQBvZKEAAABA6DEQatkP0ZiaMugg0SFSq6JqmaXOleBRM3eRUGv0uLvPr6CL4g3oVryKRdoOzve7SJqEd+2jwB1vjsn7k5LMNv\/\/\/\/8AQABAAAB1MAABAAMAAiAACgA="}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1642965460461401,"flow_dst_last_pkt_time":1642965460546911,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1642965460546911,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvg1AAC8R8N+Qw0mawKgBsiJh4mEANErbAgADwkJYttycXaTnsMPEsai0ugBPg3oAb2Q7AAAAAAAAAAAAQABAAAPgAwA="}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1642965460461401,"flow_dst_last_pkt_time":1642965460546926,"flow_idle_time":200000000,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1642965460546926,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAqvg5AAC8R8PyQw0mawKgBsiJh4mEAFnNjAwAAAAFc+wMiAE+DegAAAAAA"}
 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1642965460567026,"flow_dst_last_pkt_time":1642965460546926,"flow_idle_time":200000000,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1642965460567026,"pkt":"EBMx8Tl2KDc3AG3ICABFAACjoFwAAEARPTbAqAGykMNJmuJhImEAj+FABQAAAE+DegANZQoAAAAADAENp6KJMwVI\/bVWxdELeOkIAQAIAwIAAAAAAAAAAwAAABZkYXRhX2JpbmRfcmVwbGFjZV9mbGFnAgAAAAEAAAAEbWMzNQEAIPW3GYRDi3fwUfr3WI1YaYPp9IcrWmfjSUJkbCEay3abAAAABG1jMzYDAAAAAAAB"}
-01984{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460877104,"flow_dst_last_pkt_time":1642965460887928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1490,"flow_dst_tot_l4_payload_len":1734,"midstream":0,"thread_ts_usec":1642965460887928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":42778.1,"max":176446,"stddev":48878.6,"var":2389121792.0,"ent":4.1,"data": [98469,176446,124,85491,9538,94754,12,99878,94166,12337,1946,12440,20627,16992,20131,168367,18000,3631,10879,10252,19350,32137,20903,115345,15,17844,18745,20098,20216,21487,85502]},"pktlen": {"min":46,"avg":129.0,"max":189,"stddev":35.8,"var":1279.8,"ent":4.9,"data": [151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116]},"bins": {"c_to_s": [0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1],"entropies": [5.774950981,5.795780182,4.871791363,4.390829086,5.589504242,5.647461891,4.816236019,4.390829086,5.513776779,4.672714233,4.717865467,5.984676361,5.988471985,5.890224934,5.750802994,5.721282959,5.103803158,4.742203236,5.809841633,4.711098671,5.716365814,5.704583168,5.625706196,5.615069389,6.022024632,6.167570114,5.279437542,5.717482567,5.684329510,5.700431347,5.688298225,5.216770172]}}
-00929{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460877104,"flow_dst_last_pkt_time":1642965460887928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1490,"flow_dst_tot_l4_payload_len":1734,"midstream":0,"thread_ts_usec":1642965460887928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460877104,"flow_dst_last_pkt_time":1642965460887928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1490,"flow_dst_tot_l4_payload_len":1734,"midstream":0,"thread_ts_usec":1642965460887928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-01953{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965461085374,"flow_dst_last_pkt_time":1642965461081424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":755,"midstream":0,"thread_ts_usec":1642965461085374,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":46715.2,"max":187597,"stddev":42950.9,"var":1844783744.0,"ent":4.3,"data": [102087,187597,15,105625,59,93505,28,87640,70667,56,105994,30,21517,32815,58979,18,48377,5541,49496,50209,26,8,55223,45719,56325,52361,22,59786,52118,47745,58582]},"pktlen": {"min":46,"avg":91.1,"max":171,"stddev":44.6,"var":1993.4,"ent":4.8,"data": [153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55]},"bins": {"c_to_s": [7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0],"entropies": [5.810314178,5.912507057,4.833528996,4.303872585,5.517835140,5.506913185,4.805751324,4.390829086,5.576398373,5.539088726,5.561493397,4.442456245,4.487634182,3.597789288,3.852133274,5.482311726,3.597789288,3.888496876,4.520360470,3.744285822,4.494622231,4.547106743,3.853325367,3.707922220,3.961224079,3.671558619,4.547106743,3.924860477,3.671558380,3.888496876,3.924860477,3.707922220]}}
-00927{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965461085374,"flow_dst_last_pkt_time":1642965461081424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":755,"midstream":0,"thread_ts_usec":1642965461085374,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965461085374,"flow_dst_last_pkt_time":1642965461081424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":755,"midstream":0,"thread_ts_usec":1642965461085374,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00727{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965500049643,"flow_src_last_pkt_time":1642965500049643,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965500049643,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
-00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1642965500049643,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500049643,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4064AAEABCl\/AqAGykMNJmgMD9zUAAAAARQAAdCt\/QAAxEYFCkMNJmsCoAbIiYeMFAGAAAA=="}
-00894{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965500049643,"flow_src_last_pkt_time":1642965500049643,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965500049643,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.253434}}
-00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11812,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1642965500053376,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500053376,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA48ZAAAEAB7HzAqAGykMNJmgMD6XYAAAAARQAESyuFQAAxEX1lkMNJmsCoAbIiYeztBDcAAA=="}
-00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11815,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1642965500054265,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500054265,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4fvIAAEABXxvAqAGykMNJmgMD6XYAAAAARQAESyuHQAAxEX1jkMNJmsCoAbIiYeztBDcAAA=="}
-00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11817,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1642965500063291,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500063291,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4dTYAAEABaNfAqAGykMNJmgMD6XcAAAAARQAESiuPQAAxEX1ckMNJmsCoAbIiYeztBDYAAA=="}
-00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11819,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1642965500063363,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500063363,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4\/\/AAAEAB3hzAqAGykMNJmgMD6XcAAAAARQAESiuQQAAxEX1bkMNJmsCoAbIiYeztBDYAAA=="}
-00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":44,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965500043016,"flow_dst_last_pkt_time":1642965498034804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":3423,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-01102{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":491,"flow_dst_packets_processed":411,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965502810385,"flow_dst_last_pkt_time":1642965502810488,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":76227,"flow_dst_tot_l4_payload_len":31503,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1283,"flow_dst_packets_processed":947,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965500042137,"flow_dst_last_pkt_time":1642965500203618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":248698,"flow_dst_tot_l4_payload_len":119844,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3824,"flow_dst_packets_processed":4907,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965500043662,"flow_dst_last_pkt_time":1642965500185977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1297,"flow_dst_max_l4_payload_len":1297,"flow_src_tot_l4_payload_len":4001782,"flow_dst_tot_l4_payload_len":3997349,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00916{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1642965500049643,"flow_src_last_pkt_time":1642965500203663,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":972,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","packets-captured":11977,"packets-processed":11977,"total-skipped-flows":0,"total-l4-payload-len":8482462,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1642965502810488}
+00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965460567026,"flow_dst_last_pkt_time":1642965460546926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":385,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1642965460567026,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP.Zoom","proto_id":"87.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+02176{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460877104,"flow_dst_last_pkt_time":1642965460887928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1490,"flow_dst_tot_l4_payload_len":1734,"midstream":0,"thread_ts_usec":1642965460887928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":42778.1,"max":176446,"stddev":48878.6,"var":2389121792.0,"ent":4.1,"data": [98469,176446,124,85491,9538,94754,12,99878,94166,12337,1946,12440,20627,16992,20131,168367,18000,3631,10879,10252,19350,32137,20903,115345,15,17844,18745,20098,20216,21487,85502]},"pktlen": {"min":46,"avg":129.0,"max":189,"stddev":35.8,"var":1279.8,"ent":4.9,"data": [151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116]},"bins": {"c_to_s": [0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1],"entropies": [5.774950981,5.795780182,4.871791363,4.390829086,5.589504242,5.647461891,4.816236019,4.390829086,5.513776779,4.672714233,4.717865467,5.984676361,5.988471985,5.890224934,5.750802994,5.721282959,5.103803158,4.742203236,5.809841633,4.711098671,5.716365814,5.704583168,5.625706196,5.615069389,6.022024632,6.167570114,5.279437542,5.717482567,5.684329510,5.700431347,5.688298225,5.216770172]},"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP.Zoom","proto_id":"87.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+02145{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":541,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965461085374,"flow_dst_last_pkt_time":1642965461081424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":755,"midstream":0,"thread_ts_usec":1642965461085374,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":46715.2,"max":187597,"stddev":42950.9,"var":1844783744.0,"ent":4.3,"data": [102087,187597,15,105625,59,93505,28,87640,70667,56,105994,30,21517,32815,58979,18,48377,5541,49496,50209,26,8,55223,45719,56325,52361,22,59786,52118,47745,58582]},"pktlen": {"min":46,"avg":91.1,"max":171,"stddev":44.6,"var":1993.4,"ent":4.8,"data": [153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55]},"bins": {"c_to_s": [7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0],"entropies": [5.810314178,5.912507057,4.833528996,4.303872585,5.517835140,5.506913185,4.805751324,4.390829086,5.576398373,5.539088726,5.561493397,4.442456245,4.487634182,3.597789288,3.852133274,5.482311726,3.597789288,3.888496876,4.520360470,3.744285822,4.494622231,4.547106743,3.853325367,3.707922220,3.961224079,3.671558619,4.547106743,3.924860477,3.671558380,3.888496876,3.924860477,3.707922220]},"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP.Zoom","proto_id":"87.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00726{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3265,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965500049643,"flow_src_last_pkt_time":1642965500049643,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965500049643,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
+00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3265,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1642965500049643,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500049643,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4064AAEABCl\/AqAGykMNJmgMD9zUAAAAARQAAdCt\/QAAxEYFCkMNJmsCoAbIiYeMFAGAAAA=="}
+00893{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3265,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965500049643,"flow_src_last_pkt_time":1642965500049643,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965500049643,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.253434}}
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3280,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1642965500122905,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500122905,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4LGAAAEABsa3AqAGykMNJmgMD9v4AAAAARQAAqyu6QAAxEYDQkMNJmsCoAbIiYeMFAJcAAA=="}
+00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3282,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1642965500142650,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500142650,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4FhoAAEABx\/PAqAGykMNJmgMD9vsAAAAARQAArivCQAAxEYDFkMNJmsCoAbIiYeMFAJoAAA=="}
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3286,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1642965500163013,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500163013,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA40jgAAEABC9XAqAGykMNJmgMD9vMAAAAARQAAtivQQAAxEYCvkMNJmsCoAbIiYeMFAKIAAA=="}
+00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3289,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1642965500183367,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642965500183367,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4vE0AAEABIcDAqAGykMNJmgMD9m8AAAAARQABOivdQAAxEYAekMNJmsCoAbIiYeMFASYAAA=="}
+00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3396,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":44,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965500043016,"flow_dst_last_pkt_time":1642965498034804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":3423,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP.Zoom","proto_id":"87.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+01101{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3396,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":491,"flow_dst_packets_processed":411,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965502810385,"flow_dst_last_pkt_time":1642965502810488,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":76227,"flow_dst_tot_l4_payload_len":31503,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3396,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1283,"flow_dst_packets_processed":947,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965500042137,"flow_dst_last_pkt_time":1642965500203618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":248698,"flow_dst_tot_l4_payload_len":119844,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP.Zoom","proto_id":"87.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3396,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":128,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965460910859,"flow_dst_last_pkt_time":1642965460909060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1237,"flow_src_tot_l4_payload_len":39998,"flow_dst_tot_l4_payload_len":124385,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP.Zoom","proto_id":"87.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00914{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3396,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1642965500049643,"flow_src_last_pkt_time":1642965500203663,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965502810488,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3396,"source":"zoom2.pcap","alias":"nDPId-test","packets-captured":3396,"packets-processed":3396,"total-skipped-flows":0,"total-l4-payload-len":646958,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_usec":1642965502810488}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 11977/11977
+~~ packets captured/processed: 3396/3396
 ~~ skipped flows.............: 0
-~~ total layer4 data length..: 8482462 bytes
+~~ total layer4 data length..: 646958 bytes
 ~~ total detected protocols..: 5
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6779564 bytes
-~~ total memory freed........: 6779564 bytes
-~~ total allocations/frees...: 134467/134467
+~~ total memory allocated....: 6535652 bytes
+~~ total memory freed........: 6535652 bytes
+~~ total allocations/frees...: 125896/125896
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 490 chars
 ~~ json string max len.......: 2288 chars
diff --git a/test/results/zoom_p2p.pcapng.out b/test/results/zoom_p2p.pcapng.out
new file mode 100644
index 000000000..06e8a3654
--- /dev/null
+++ b/test/results/zoom_p2p.pcapng.out
@@ -0,0 +1,149 @@
+00490{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zoom_p2p.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zoom_p2p.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666892468833699}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892468833699,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgYTNAAEARPsnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
+00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666892498843228,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892498843228,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgfUNAAEARIrnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
+00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892508718573,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1666892508718573,"pkt":"AQBeAAD7CL6sCxduCABFAACp0bJAAP8R++vAqAwB4AAA+xTpFOkAlZuwAAAAAAAJAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfZnRwwBIADAABB193ZWJkYXbAEgAMAAEIX3dlYmRhdnPAEgAMAAEJX3NmdHAtc3NowBIADAABBF9zbWLAEgAMAAELX2FmcG92ZXJ0Y3DAEgAMAAEEX25mc8ASAAwAAQRfaXBwwBIADAAB"}
+00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892508718573,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","mdns": {}}}
+00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1666892528852605,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892528852605,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgjQpAAEAREvLAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
+00955{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892528852605,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892528852605,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1666892558863230,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892558863230,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACglepAAEARChLAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
+00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892558863230,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1666892588871798,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892588871798,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgstxAAEAR7R\/AqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
+00955{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":7,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892588871798,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892588871798,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892618882757,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633743872,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSEAAEARTXPAqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":0}}}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633744357,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSIAAEARTXLAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00730{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892633842799,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWM0AACoBQ7vO91fVwKgMnAMK8UwAAAAARQAASDkhAAAvEV5zwKgMnM73V9WYmQ2WADSxUAABABj8pcIys9pbIGUhn0GOmz4aAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
+00897{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.315078}}
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1666892633842855,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892633842855,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWM4AACoBQ7rO91fVwKgMnAMK8UwAAAAARQAASDkiAAAvEV5ywKgMnM73V9WWNQ2WADRpiwABABjUTqxrg0koNwyX5EIW+rUGAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
+00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1666892635753795,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892635753795,"pkt":"CL6sCxduJjb1W8R1CABFAABIOTUAAEARTV\/AqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1666892635753953,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892635753953,"pkt":"CL6sCxduJjb1W8R1CABFAABIOTYAAEARTV7AqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1666892635852576,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892635852576,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWqYAACoBQeLO91fVwKgMnAMK8UwAAAAARQAASDk1AAAvEV5fwKgMnM73V9WYmQ2WADSxUAABABj8pcIys9pbIGUhn0GOmz4aAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1666892635852609,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892635852609,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWqcAACoBQeHO91fVwKgMnAMK8UwAAAAARQAASDk2AAAvEV5ewKgMnM73V9WWNQ2WADRpiwABABjUTqxrg0koNwyX5EIW+rUGAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
+00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1666892636812000,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1666892636812000,"pkt":"AQBeAAD7CL6sCxduCABFAACp7TxAAP8R4GHAqAwB4AAA+xTpFOkAlZuwAAAAAAAJAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfZnRwwBIADAABB193ZWJkYXbAEgAMAAEIX3dlYmRhdnPAEgAMAAEJX3NmdHAtc3NowBIADAABBF9zbWLAEgAMAAELX2FmcG92ZXJ0Y3DAEgAMAAEEX25mc8ASAAwAAQRfaXBwwBIADAAB"}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1666892637730612,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892637730612,"pkt":"CL6sCxduJjb1W8R1CABFAABIOYoAAEARTQrAqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1666892637730829,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892637730829,"pkt":"CL6sCxduJjb1W8R1CABFAABIOYsAAEARTQnAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1666892639751068,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892639751068,"pkt":"CL6sCxduJjb1W8R1CABFAABIOgcAAEARTI3AqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1666892639751265,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892639751265,"pkt":"CL6sCxduJjb1W8R1CABFAABIOggAAEARTIzAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1666892641776721,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892641776721,"pkt":"CL6sCxduJjb1W8R1CABFAABIOn0AAEARTBfAqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1666892641781090,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892641781090,"pkt":"CL6sCxduJjb1W8R1CABFAABIOn4AAEARTBbAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00956{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892618882757,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892641781090,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1666892657972027,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892657972027,"pkt":"Jjb1W8R1CL6sCxduCABFAABkhkgAACoBFkDO91fVwKgMnAMK8UwAAAAARQAASD6zAAAvEVjhwKgMnM73V9WYmQ2WADSxUAABABj8pcIys9pbIGUhn0GOmz4aAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
+00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892673725028,"flow_src_last_pkt_time":1666892673725028,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892673725028,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":38453,"dst_port":41036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1666892673725028,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892673725028,"pkt":"CL6sCxduJjb1W8R1CABFAABxyIgAAEARIiXAqAycwKgB4pY1oEwAXRyMHwIBAAgAAQAEAFybY3sAAABkAAAAYqBMAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1666892673725248,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892673725248,"pkt":"CL6sCxduJjb1W8R1CABFAABxyIkAAEARIiTAqAycwKgB4pY1oEwAXadLHwIBAAgAAQAEANjXXNwAAAAHAAAAYqBMAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1666892673725547,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892673725547,"pkt":"CL6sCxduJjb1W8R1CABFAABxyIoAAEARIiPAqAycwKgB4pY1oEwAXYkzHwIBAAgAAQAEAIBz0vsAAABkAAAAYqBMAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1666892673757876,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892673757876,"pkt":"CL6sCxduJjb1W8R1CABFAABxyIsAAEARIiLAqAycwKgB4pY1oEwAXXrZHwIBAAgAAQAEAFzqBN8AAABkAAAAYqBMAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1666892673789642,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892673789642,"pkt":"CL6sCxduJjb1W8R1CABFAABxyIwAAEARIiHAqAycwKgB4pY1oEwAXVN0HwIBAAgAAQAEAEyhPI0AAABkAAAAYqBMAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
+00922{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892672143395,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892673789642,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892636812000,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892673789642,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892675237560,"flow_dst_last_pkt_time":1666892675237560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892675237560,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1666892675237560,"flow_dst_last_pkt_time":1666892675237560,"flow_idle_time":200000000,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892675237560,"pkt":"CL6sCxduJjb1W8R1CABFAABxyQcAAEARIabAqAycwKgB4piZtqUAXVDbHwIBAAgAAQAEAE4VDvgAAAAHAAAAY7alAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1666892675237560,"flow_dst_last_pkt_time":1666892675245954,"flow_idle_time":200000000,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892675245954,"pkt":"Jjb1W8R1CL6sCxduCABFAABxEcUAAD8R2ejAqAHiwKgMnLalmJkAXSbfHwIBAAQAAQAIAOKlwW4AAAAIAAAAY5iZAAAADTE5Mi4xNjguMS4xMjgAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1666892675247719,"flow_dst_last_pkt_time":1666892675245954,"flow_idle_time":200000000,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892675247719,"pkt":"CL6sCxduJjb1W8R1CABFAABxyQgAAEARIaXAqAycwKgB4piZtqUAXcEmHwIBAAgAAQAEAKU0R4MAAAARAAAAY7alAAAADTE5Mi4xNjguMS4yMjYAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1666892675247719,"flow_dst_last_pkt_time":1666892675257992,"flow_idle_time":200000000,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892675257992,"pkt":"Jjb1W8R1CL6sCxduCABFAABxEcYAAD8R2efAqAHiwKgMnLalmJkAXdfvHwIBAAQAAQAIAJS5XkAAAAASAAAAY5iZAAAADTE5Mi4xNjguMS4xMjgAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1666892675247719,"flow_dst_last_pkt_time":1666892675258045,"flow_idle_time":200000000,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1666892675258045,"pkt":"Jjb1W8R1CL6sCxduCABFAABxEccAAD8R2ebAqAHiwKgMnLalmJkAXdfvHwIBAAQAAQAIAJS5XkAAAAASAAAAY5iZAAAADTE5Mi4xNjguMS4xMjgAAAAkQUYwNjVEODgtQUE5Qi00QTgxLTgwQTQtQjg1Q0QzNDFCOTIxAAAAAA=="}
+02012{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":99,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892675646012,"flow_dst_last_pkt_time":1666892675643750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1028,"flow_dst_max_l4_payload_len":1249,"flow_src_tot_l4_payload_len":10188,"flow_dst_tot_l4_payload_len":10473,"midstream":0,"thread_ts_usec":1666892675646012,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":50,"avg":26278.8,"max":88605,"stddev":20740.6,"var":430173408.0,"ent":4.5,"data": [8394,10159,12038,53,14255,4983,17542,37266,28360,52475,28978,88605,223,71337,10758,22416,50,28514,48671,32496,39006,13417,192,30154,24517,22794,31770,53366,31819,40077,9957]},"pktlen": {"min":113,"avg":673.7,"max":1277,"stddev":485.6,"var":235788.4,"ent":4.5,"data": [113,113,113,113,113,113,113,113,113,113,113,1246,1056,1056,1246,800,1245,119,1245,800,800,1245,800,799,118,831,1245,1277,1043,1043,1257,1043]},"bins": {"c_to_s": [0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,1,0,0,0,0,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,1,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0],"entropies": [4.879871845,4.806567192,4.780356884,4.859664917,4.859664917,4.837792873,4.824266434,4.879871845,4.824266434,4.806567192,4.815755367,7.809407711,0.496801347,0.516033888,7.832608223,7.657176495,7.832114697,5.751297951,7.815535069,7.718434811,7.700232506,7.835743904,7.666582108,7.693008900,5.751585960,7.688401699,7.843828678,7.832822323,7.774564743,7.788288593,7.829477787,7.789775848]}}
+00939{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":99,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892675646012,"flow_dst_last_pkt_time":1666892675643750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1028,"flow_dst_max_l4_payload_len":1249,"flow_src_tot_l4_payload_len":10188,"flow_dst_tot_l4_payload_len":10473,"midstream":0,"thread_ts_usec":1666892675646012,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892675646012,"flow_dst_last_pkt_time":1666892675643750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1028,"flow_dst_max_l4_payload_len":1249,"flow_src_tot_l4_payload_len":10188,"flow_dst_tot_l4_payload_len":10473,"midstream":0,"thread_ts_usec":1666892675646012,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":391,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892672045159,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892678903561,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":391,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892678903561,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00923{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":392,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892672143395,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892708913171,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00958{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":392,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892708913171,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892708913171,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00767{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1666892673725028,"flow_src_last_pkt_time":1666892673789642,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":425,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":38453,"dst_port":41036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00923{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892672143395,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":148,"flow_dst_packets_processed":174,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892676884711,"flow_dst_last_pkt_time":1666892676905769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":102457,"flow_dst_tot_l4_payload_len":103149,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892636812000,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892672045159,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892738926234,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00923{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":394,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892672143395,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892768936597,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00959{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":394,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892768936597,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892768936597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892672143395,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00767{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1666892673725028,"flow_src_last_pkt_time":1666892673789642,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":425,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":38453,"dst_port":41036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":148,"flow_dst_packets_processed":174,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892676884711,"flow_dst_last_pkt_time":1666892676905769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":102457,"flow_dst_tot_l4_payload_len":103149,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892636812000,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892672045159,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892798948041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":396,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892636812000,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892828955061,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00959{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":396,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892828955061,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1716,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892828955061,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00927{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":397,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1666892673725028,"flow_src_last_pkt_time":1666892673789642,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":425,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":38453,"dst_port":41036,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1666892673725028,"flow_src_last_pkt_time":1666892673789642,"flow_dst_last_pkt_time":1666892673725028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":425,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":38453,"dst_port":41036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":148,"flow_dst_packets_processed":174,"flow_first_seen":1666892675237560,"flow_src_last_pkt_time":1666892676884711,"flow_dst_last_pkt_time":1666892676905769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":102457,"flow_dst_tot_l4_payload_len":103149,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"192.168.1.226","src_port":39065,"dst_port":46757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892672045159,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463041,"pkt":"CL6sCxduJjb1W8R1CABFAABInAUAAEARN2fAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+01003{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":0}}}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463255,"pkt":"CL6sCxduJjb1W8R1CABFAABInAYAAEARN2bAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+01003{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}}
+00732{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892883560468,"pkt":"Jjb1W8R1CL6sCxduCABFAABkE1oAACoB1gbO9wr9wKgMnAMKpHQAAAAARQAASJwFAAAvEUhnwKgMnM73Cv3Bqw2WADQ+pAABABh2FzwrZdt8Dq1TAXhZVJkSAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
+00899{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.318754}}
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1666892883560509,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892883560509,"pkt":"Jjb1W8R1CL6sCxduCABFAABkE1sAACoB1gXO9wr9wKgMnAMKpHQAAAAARQAASJwGAAAvEUhmwKgMnM73Cv2k4A2WADT61gABABiwUG0gVBnJGDm6llrB8slMAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1666892885486853,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892885486853,"pkt":"CL6sCxduJjb1W8R1CABFAABInKwAAEARNsDAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1666892885487101,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892885487101,"pkt":"CL6sCxduJjb1W8R1CABFAABInK0AAEARNr\/AqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1666892885583770,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892885583770,"pkt":"Jjb1W8R1CL6sCxduCABFAABkGzEAACoBzi\/O9wr9wKgMnAMKpHQAAAAARQAASJytAAAvEUe\/wKgMnM73Cv2k4A2WADT61gABABiwUG0gVBnJGDm6llrB8slMAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1666892885583814,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892885583814,"pkt":"Jjb1W8R1CL6sCxduCABFAABkGzIAACoBzi7O9wr9wKgMnAMKpHQAAAAARQAASJysAAAvEUfAwKgMnM73Cv3Bqw2WADQ+pAABABh2FzwrZdt8Dq1TAXhZVJkSAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1666892887508490,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892887508490,"pkt":"CL6sCxduJjb1W8R1CABFAABInUcAAEARNiXAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1666892887510737,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892887510737,"pkt":"CL6sCxduJjb1W8R1CABFAABInUgAAEARNiTAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1666892887605358,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892887605358,"pkt":"Jjb1W8R1CL6sCxduCABFAABkIpcAACoBxsnO9wr9wKgMnAMKpHQAAAAARQAASJ1HAAAvEUclwKgMnM73Cv3Bqw2WADQ+pAABABh2FzwrZdt8Dq1TAXhZVJkSAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1666892889516492,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892889516492,"pkt":"CL6sCxduJjb1W8R1CABFAABInb8AAEARNa3AqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1666892889516733,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892889516733,"pkt":"CL6sCxduJjb1W8R1CABFAABIncAAAEARNazAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1666892891530509,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892891530509,"pkt":"CL6sCxduJjb1W8R1CABFAABInkQAAEARNSjAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1666892891530651,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892891530651,"pkt":"CL6sCxduJjb1W8R1CABFAABInkUAAEARNSfAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
+00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892892848004,"flow_src_last_pkt_time":1666892892848004,"flow_dst_last_pkt_time":1666892892848004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892892848004,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1666892892848004,"flow_dst_last_pkt_time":1666892892848004,"flow_idle_time":200000000,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1666892892848004,"pkt":"AQBeAAD7CL6sCxduCABFAACp79dAAP8R3cbAqAwB4AAA+xTpFOkAlZuwAAAAAAAJAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfZnRwwBIADAABB193ZWJkYXbAEgAMAAEIX3dlYmRhdnPAEgAMAAEJX3NmdHAtc3NowBIADAABBF9zbWLAEgAMAAELX2FmcG92ZXJ0Y3DAEgAMAAEEX25mc8ASAAwAAQRfaXBwwBIADAAB"}
+00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892892848004,"flow_src_last_pkt_time":1666892892848004,"flow_dst_last_pkt_time":1666892892848004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892892848004,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","mdns": {}}}
+00959{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":419,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892888976960,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892892848004,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+02145{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":462,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892913745701,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892913745701,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":973717.2,"max":2030871,"stddev":1005257.0,"var":1010541658112.0,"ent":3.9,"data": [41,2023261,44,2021544,37,2008437,21,2013453,36,1994813,23,2022454,40,1990669,67,2022201,30,2021984,58,1995365,12,2020200,29,2002242,3110,1996909,3099,2014147,17,2030871,19]},"pktlen": {"min":100,"avg":100.0,"max":100,"stddev":0.0,"var":0.0,"ent":5.0,"data": [100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100]},"bins": {"c_to_s": [0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.350244999,5.278791904,5.243694782,5.287598610,5.377793789,5.326340675,5.377793789,5.318793297,5.397793770,5.262695789,5.298792839,5.370244980,5.291243553,5.322695732,5.318792820,5.350244999,5.318792820,5.377793789,5.278791904,5.330244541,5.317793369,5.286341190,5.271244049,5.322696686,5.377794266,5.326341152,5.318791866,5.357794285,5.377793789,5.326341152,5.397794247,5.346340656]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892923321165,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923321165,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1666892923321165,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923321165,"pkt":"CL6sCxduJjb1W8R1CABFAABwlmcAAEAR\/dHAqAycCk4OsqTguNAAXGjlHwIBAAgAAQAEAFN4+RkAAAAHAAAAYrjQAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
+00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1666892923321371,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923321371,"pkt":"CL6sCxduJjb1W8R1CABFAABwlmgAAEAR\/dDAqAycCk4OsqTguNAAXKRQHwIBAAgAAQAEAPdVGXQAAABkAAAAYrjQAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
+00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1666892923348636,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923348636,"pkt":"CL6sCxduJjb1W8R1CABFAABwlmsAAEAR\/c3AqAycCk4OsqTguNAAXPn3HwIBAAgAAQAEACPKl1gAAABkAAAAYrjQAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
+00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1666892923359882,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923359882,"pkt":"CL6sCxduJjb1W8R1CABFAABwlmwAAEAR\/czAqAycCk4OsqTguNAAXGjlHwIBAAgAAQAEAFN4+RkAAAAHAAAAYrjQAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
+00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1666892923367589,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923367589,"pkt":"CL6sCxduJjb1W8R1CABFAABwlm0AAEAR\/cvAqAycCk4OsqTguNAAXKRQHwIBAAgAAQAEAPdVGXQAAABkAAAAYrjQAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
+00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892923611662,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923611662,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1666892923611662,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923611662,"pkt":"CL6sCxduJjb1W8R1CABFAABwlosAAEAR\/a3AqAycCk4OssGrwbIAXN0SHwIBAAgAAQAEAEz0XOAAAAAHAAAAY8GyAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1666892923635445,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923635445,"pkt":"CL6sCxduJjb1W8R1CABFAABwlo8AAEAR\/anAqAycCk4OssGrwbIAXAueHwIBAAgAAQAEAMtPr\/kAAAAHAAAAY8GyAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
+00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1666892923635783,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923635783,"pkt":"CL6sCxduJjb1W8R1CABFAABwlpAAAEAR\/ajAqAycCk4OssGrwbIAXN0SHwIBAAgAAQAEAEz0XOAAAAAHAAAAY8GyAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
+00924{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":510,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892921796330,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923636261,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1666892923665584,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923665584,"pkt":"CL6sCxduJjb1W8R1CABFAABwlpMAAEAR\/aXAqAycCk4OssGrwbIAXLY+HwIBAAgAAQAEAJJ1PjMAAAAHAAAAY8GyAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
+00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1666892923667149,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1666892923667149,"pkt":"CL6sCxduJjb1W8R1CABFAABwlpQAAEAR\/aTAqAycCk4OssGrwbIAXN0SHwIBAAgAAQAEAEz0XOAAAAAHAAAAY8GyAAAADDEwLjc4LjE0LjE3OAAAACRDNUVBREZBMS1FMkQwLTQxN0UtODdGMi03QjBCRkY0MzkzNjIAAAAA"}
+01967{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":519,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892923731059,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923731059,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":149,"avg":13222.4,"max":52278,"stddev":15933.9,"var":253890336.0,"ent":4.0,"data": [206,27265,11246,7707,6831,1534,149,13289,6864,1707,40450,203,15506,643,33328,247,50821,420,5857,5665,52278,379,7223,2326,22718,234,30994,178,40889,183,22554]},"pktlen": {"min":112,"avg":112.0,"max":112,"stddev":0.0,"var":0.0,"ent":5.0,"data": [112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112]},"bins": {"c_to_s": [0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.994051456,4.951597214,4.994051933,4.994051456,4.976194382,4.976194382,4.994051456,4.958336830,4.976194382,4.994051456,4.958336830,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.951597214,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456,4.976194382,4.994051456,4.958336830,4.994051456,4.976194382,4.994051456]}}
+00929{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":519,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892923731059,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923731059,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892923731059,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892923731059,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+01989{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":590,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892924448503,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892924448503,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":338,"avg":26994.9,"max":54779,"stddev":14468.3,"var":209331424.0,"ent":4.7,"data": [23783,338,29801,1565,40495,506,22699,46435,8735,38102,43592,20546,19277,34040,24361,41537,21146,25008,31087,47211,23803,22874,54779,5988,45050,14923,26821,31551,48347,23766,18675]},"pktlen": {"min":112,"avg":112.0,"max":112,"stddev":0.0,"var":0.0,"ent":5.0,"data": [112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112]},"bins": {"c_to_s": [0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.927000046,4.944857121,4.909142494,4.902402878,4.927000046,4.912628174,4.927000046,4.927000046,4.909142494,4.927000046,4.909142494,4.927000046,4.927000046,4.927000046,4.927000046,4.898025990,4.927000046,4.927000046,4.927000046,4.927000046,4.927000046,4.902402401,4.909142494,4.927000046,4.927000046,4.909142494,4.927000046,4.894771099,4.902402401,4.927000046,4.909142494,4.909142494]}}
+00929{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":590,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892924448503,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892924448503,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892924448503,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892924448503,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00922{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892921796330,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":0,"flow_first_seen":1666892923611662,"flow_src_last_pkt_time":1666892928125663,"flow_dst_last_pkt_time":1666892923611662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12936,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":49579,"dst_port":49586,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892918986914,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892921699835,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00762{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892892848004,"flow_src_last_pkt_time":1666892892848004,"flow_dst_last_pkt_time":1666892892848004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":130,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892925565422,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10920,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892921699571,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
+00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"zoom_p2p.pcapng","alias":"nDPId-test","packets-captured":763,"packets-processed":763,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":12,"total-detection-updates":0,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_usec":1666892928125663}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 763/763
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 240182 bytes
+~~ total detected protocols..: 12
+~~ total active/idle flows...: 13/13
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 6460390 bytes
+~~ total memory freed........: 6460390 bytes
+~~ total allocations/frees...: 123338/123338
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 495 chars
+~~ json string max len.......: 2150 chars
+~~ json string avg len.......: 1321 chars
diff --git a/test/run_tests.sh b/test/run_tests.sh
index f0e1d7a17..93526418d 100755
--- a/test/run_tests.sh
+++ b/test/run_tests.sh
@@ -280,7 +280,6 @@ if [ -x "${NDPISRVD_ANALYSED}" ]; then
             test ${IS_GIT} -eq 1 && \
                 mv -v "/tmp/nDPId-test-stdout/${result_file}.csv.new" \
                       "${MYDIR}/results/flow-analyse/${result_file}"
-            cat "/tmp/nDPId-test-stderr/${result_file}"
             TESTS_FAILED=$((TESTS_FAILED + 1))
         fi
     done
@@ -332,7 +331,6 @@ if [ -x "${NDPISRVD_COLLECTD}" ]; then
             test ${IS_GIT} -eq 1 && \
                 mv -v "/tmp/nDPId-test-stdout/${result_file}.stats.new" \
                       "${MYDIR}/results/collectd-stats/${result_file}"
-            cat "/tmp/nDPId-test-stderr/${result_file}"
             TESTS_FAILED=$((TESTS_FAILED + 1))
         fi
     done